deps(deps): bump the maven-minor-patch group across 3 directories with 11 updates

[dependabot]

Bumps the maven-minor-patch group with 11 updates in the / directory:

Package	From	To
com.fasterxml.jackson:jackson-bom	2.21.3	2.22.0
ch.qos.logback:logback-classic	1.5.32	1.5.34
org.apache.maven.plugins:maven-clean-plugin	3.4.0	3.5.0
org.apache.maven.plugins:maven-site-plugin	3.21.0	3.22.0
org.apache.maven.plugins:maven-resources-plugin	3.3.1	3.5.0
org.apache.maven.plugins:maven-enforcer-plugin	3.5.0	3.6.3
org.apache.maven.plugins:maven-surefire-plugin	3.5.5	3.5.6
org.apache.maven.plugins:maven-source-plugin	3.3.1	3.4.0
org.apache.maven.plugins:maven-gpg-plugin	3.2.7	3.2.8
org.sonatype.central:central-publishing-maven-plugin	0.7.0	0.10.0
com.github.siom79.japicmp:japicmp-maven-plugin	0.23.1	0.26.1

Bumps the maven-minor-patch group with 2 updates in the /benchmarks directory: ch.qos.logback:logback-classic and org.apache.maven.plugins:maven-surefire-plugin.
Bumps the maven-minor-patch group with 2 updates in the /examples directory: ch.qos.logback:logback-classic and org.apache.maven.plugins:maven-surefire-plugin.

Updates com.fasterxml.jackson:jackson-bom from 2.21.3 to 2.22.0

Commits

• 112e859 [maven-release-plugin] prepare release jackson-bom-2.22.0
• 2cae2ce Prep for 2.22.0 release
• 7955d21 Merge branch '2.21' into 2.x
• 8922a05 Post-release dep version bump
• 1fa9943 [maven-release-plugin] prepare for next development iteration
• d1abd31 [maven-release-plugin] prepare release jackson-bom-2.21.4
• 2aaea43 Prep for 2.21.4 release
• 902ec69 Update Woodstox/stax2-api (to 7.2.0/4.3.0)
• 2570647 Merge branch '2.21' into 2.x
• 9d3a9d5 Post-release dep version bump
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.32 to 1.5.34

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.33

2026-05-27 Release of logback version 1.5.33

• PropertiesConfiguratorModelHandler now registers properties file URLs to the ConfigurationWatchList when scan is enabled (via local scan="true" attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in issues/1034.

• When processing <conversionRule> elements and both class and converterClass attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in issues/1031.

• HardenedModelInputStream will no longer accept to deserialize all classes located under the "java.lang" and "java.util" packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by York Shen and registered as CVE-2026-9828.

• SSL parameters for SSLSocketAppender now enable hostname verification by default. Moreover, the default protocol is now "TLSv1.2". This potential vulnerability was reported by York Shen.

• When printing the status message field, ViewStatusMessagesServletBase now escapes special characters such as "&" as character entities. This potential vulnerability was reported by York Shen.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• e62272a prepare release 1.5.34
• 1e9e926 add resolveProxyClassRejectsDynamicProxies unit test
• 2de5cbe added StackTraceElementProxyTest, minor edits to AGENTS.md
• 0e9b927 in case StackTraceElement is null use a substitute, fixing issues/1040
• f7a0654 prevent resolveProxyClass bypass
• 249b81f docs are no longer distributed
• 1c3b26a start work on 1.5.34-SNAPSHOT
• 124e8b4 prepare release 1.5.33
• d8fd6f2 escapeTags in message field when printing status messages
• 95edbeb hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-clean-plugin from 3.4.0 to 3.5.0

Release notes

Sourced from org.apache.maven.plugins:maven-clean-plugin's releases.

3.5.0

🚀 New features and improvements

• Configuration parameter for deleting read-only files (#252) @​desruisseaux

👻 Maintenance

• Bump project to 3.5.0-SNAPSHOT version (#254) @​slawekjaranowski
• Update README in 3.x branch (#249) @​slawekjaranowski

📦 Dependency updates

• Bump org.apache.maven.resolver:maven-resolver-api from 1.9.22 to 1.9.23 (#251) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-testing from 1.4.0 to 1.5.0 (#244) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 43 to 44 (#237) @dependabot[bot]

3.4.1

🚀 New features and improvements

• release-drafter configuration (#88) @​slawekjaranowski
• Add PR Automation (#80) @​slawekjaranowski
• [MCLEAN-126] - Replaced old File API with new Path equivalent where possible (#62) @​peterdemaeyer
• Add Release Drafter - 3.x (#69) @​slawekjaranowski
• [MCLEAN-124] - Replaced JUnit Assumptions with @​DisabledOnOs (#64) @​peterdemaeyer
• [MCLEAN-124] - Leverage Files.delete(Path) API to provide more accurate reason in case of failure (#60) @​peterdemaeyer
• [MCLEAN-110] - Replaced Utils.createSymlink with Java 7 Files.createSymbolicLink (#59) @​peterdemaeyer

📦 Dependency updates

• Bump org.apache.maven.resolver:maven-resolver-api from 1.1.1 to 1.9.22 (#78) @dependabot[bot]
• Bump mavenVersion from 3.6.3 to 3.9.9 (#77) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-testing from 1.3.0 to 1.4.0 (#72) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 42 to 43 (#76) @dependabot[bot]

👻 Maintenance

• Update scm tag according to branch (#102) @​slawekjaranowski
• PR Automation only on close event (#101) @​slawekjaranowski
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#94) @​Bukama
• Fix license/notice (#83) @​slawekjaranowski

Commits

• d18c596 [maven-release-plugin] prepare release maven-clean-plugin-3.5.0
• 5117885 Bump project to 3.5.0-SNAPSHOT version
• 7350dbe Configuration parameter for deleting read-only files
• bdf8c5d Bump org.apache.maven.resolver:maven-resolver-api from 1.9.22 to 1.9.23 (#251)
• d720e18 Update README in 3.x branch
• 6c0745c Bump org.codehaus.plexus:plexus-testing from 1.4.0 to 1.5.0
• 5dedab5 fix
• c22ab2d Bump org.apache.maven.plugins:maven-plugins from 43 to 44
• 68f2009 [maven-release-plugin] prepare for next development iteration
• 8211bc5 [maven-release-plugin] prepare release maven-clean-plugin-3.4.1
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-site-plugin from 3.21.0 to 3.22.0

Release notes

Sourced from org.apache.maven.plugins:maven-site-plugin's releases.

3.22.0

🚀 New features and improvements

• Upgrade to Doxia 2.1.0 (#1269) @​kwin
• Upgrade to Doxia Site Tools 2.1.0 (1b3cff6) @​kwin
• Add blocking "auto-refresh" goal (#1267) @​kwin
• Allow to give alternative source directories (1b3cff6) @​kwin
• Throw UOE for unsupported MultiPageSinkFactory.createSink(...) overloads (a27b283) @​kwin

📝 Documentation updates

• Several site improvements (#1272) @​kwin
• Convert Site source from APT to Markdown (#1265) @​kwin

👻 Maintenance

• Fix GitHub CI configuration on new master (#1257) @​slawekjaranowski
• remove missing module (#1258) @​hboutemy
• [MSITE-977] - Remove broken links (#211) (#1256) @​hboutemy
• chore: Migrate Junit3/4 to Junit5 (#1243) @​slawekjaranowski
• Allow to manually execute release drafter (#236) @​slawekjaranowski
• Enable GitHub Issues (Maven 3) (#234) @​Bukama
• Drop additional configuration for requirementsHistories (#221) @​slawekjaranowski
• Convert to Guice injection (#218) @​elharo
• [MSITE-986] Refresh download page (12c8a9d0) @​yuhaowin
• Rename "Goals" to "Plugin Documentation" (f489a1e) @​Bukama

📦 Dependency updates

• Bump org.apache.maven.plugins:maven-plugins from 47 to 48 (#1271) @dependabot[bot]
• Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in /src/it/projects/MSITE-497/apps/app (#1263) @dependabot[bot]
• Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#1268) @dependabot[bot]
• Backport Update to parent 47 to 3.x branch (#1235) (#1237) @​Bukama
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#1225) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.5 to 3.6.6 (#1212) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#1207) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.4 (#1203) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#1204) @dependabot[bot]
• Bump jettyVersion from 9.4.56.v20240826 to 9.4.58.v20250814 (#1194) @dependabot[bot]
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#1193) @dependabot[bot]

Commits

• f9f7cc6 [maven-release-plugin] prepare release maven-site-plugin-3.22.0
• f7b57ea Bump org.codehaus.plexus:plexus-interactivity-api from 1.3 to 1.5.1
• 282aa04 Several site improvements (#1272)
• 55ebd9f Upgrade to Doxia 2.1.0
• 93ecbb6 Improve goal description
• 106d259 Improve error messages
• a7511e9 Fix additional PR comments
• c3c1c0f Rename from "hot-reload" to "auto-refresh"
• 5fb1504 Add blocking "hot-reload" goal
• 2d9a489 Bump org.apache.maven.plugins:maven-plugins from 47 to 48 (#1271)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-resources-plugin from 3.3.1 to 3.5.0

Release notes

Sourced from org.apache.maven.plugins:maven-resources-plugin's releases.

3.5.0

• Cleanup deps (#463) @​cstamas

🚀 New features and improvements

• Bug: use change detecton strategies (#462) @​cstamas

👻 Maintenance

• Add IT for #444 issue (#446) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#449) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#447) @​slawekjaranowski

📦 Dependency updates

• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.5.0 to 3.5.1 (#461) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 45 to 47 (#459) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#457) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#452) @dependabot[bot]

3.4.0

🚀 New features and improvements

• Enable GitHub Issues (#98) @​slawekjaranowski

📝 Documentation updates

• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#89) @​Bukama
• [MRESOURCES-299] - Be more accurate on using filtering element (#80) @​pzygielo
• Don't bother with very old versions (#59) @​elharo

👻 Maintenance

• Migrate site to Doxia 2 (#440) @​slachiewicz
• Bump Maven to 3.9.11 while keep prerequisites on 3.6.3 (#437) @​slachiewicz
• PlexusFileUtils Refaster recipes (#431) @​slachiewicz
• Add PR Automation action (#94) @​slawekjaranowski
• Improve release-drafter configuration (#93) @​slawekjaranowski
• Bump org.apache.maven.plugins:maven-plugins from 39 to 41 (#64) @dependabot[bot]
• Add dependency to slf4j-simple for test scope (#60) @​slachiewicz
• Use try with resources in integration test (#58) @​elharo
• reduce dependency scope of plexus-utils and commons-io (#57) @​elharo

📦 Dependency updates

• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#439) @dependabot[bot]
• Bump org.apache.maven.resolver:maven-resolver-api from 1.6.3 to 1.9.24 (#413) @dependabot[bot]
• Bump Maven to 3.9.11 while keep prerequisites on 3.6.3 (#437) @​slachiewicz

... (truncated)

Commits

• ce485a0 [maven-release-plugin] prepare release maven-resources-plugin-3.5.0
• bfadfff Use maven-filtering 3.5.0 (staged)
• 3f74ba2 Drop commons-io; unused
• caefcde Bug: use change detecton strategies (#462)
• 38534e3 Cleanup deps (#463)
• 0814ec7 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#461)
• e2f9135 Bump org.apache.maven.plugins:maven-plugins from 45 to 47 (#459)
• a050be3 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#457)
• 1825b2a Bump mavenVersion from 3.9.11 to 3.9.12 (#452)
• ad31b55 Add IT for #444 issue
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.5.0 to 3.6.3

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.6.3

🚀 New features and improvements

• Make bannedDependencies report root and transitive dependency in case both are banned. (#940) @​hvoynov
• Add enforceBytecodeVersion rule based on mojohaus (#968) @​cstamas
• Improve formatting of deprecated API warning (#951) @​mthmulders

🐛 Bug Fixes

• Fix handling of Java versions like 21.0.10.0.1 (#967) @​parttimenerd
• Add null checks for modelId in PluginWrapper (#974) @​cpfeiffer

📝 Documentation updates

• Document the banMavenDefaults option for the requirePluginVersions rule. (#936) @​rpkrajewski

👻 Maintenance

• PlexusStringUtils Refaster recipes (#943) @​slachiewicz
• JUnit Jupiter migration from JUnit 4.x (#941) @​slachiewicz

📦 Dependency updates

• Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in /maven-enforcer-plugin/src/it/projects/MENFORCER-434 (#970) @dependabot[bot]
• Deps: Parent POM 48 and align deps (#979) @​cstamas
• Bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#976) @dependabot[bot]
• Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#975) @dependabot[bot]
• Bump mavenVersion from 3.9.14 to 3.9.15 (#973) @dependabot[bot]
• Bump mavenVersion from 3.9.13 to 3.9.14 (#965) @dependabot[bot]
• Bump mavenVersion from 3.9.12 to 3.9.13 (#964) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.5.0 to 3.5.1 (#963) @dependabot[bot]
• Update log4j in test to avoid CVE (#961) @​Bukama
• Bump commons-codec:commons-codec from 1.20.0 to 1.21.0 (#962) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#960) @dependabot[bot]
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#959) @dependabot[bot]
• Bump org.apache.maven:maven-parent from 46 to 47 (#958) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.4 to 4.11.0 (#957) @dependabot[bot]
• Update to 46 including fixes (#955) @​Bukama
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.5.0 (#956) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#948) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#947) @dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#946) @dependabot[bot]
• Bump commons-codec:commons-codec from 1.19.0 to 1.20.0 (#945) @dependabot[bot]

3.6.2

🐛 Bug Fixes

• Use SessionData for cache storage (#930) @​slawekjaranowski

... (truncated)

Commits

• c7daff3 [maven-release-plugin] prepare release enforcer-3.6.3
• ee46e78 Make bannedDependencies report root and transitive dependency in case both ar...
• 0806924 Document the banMavenDefaults option for the requirePluginVersions rule. (#936)
• 8e4f5b9 Add better enforceBytecodeVersion rule based on mojohaus (#968)
• fd4b148 Add fix for 21.0.10.0.1 issue (#967)
• f32d597 Deps: Parent POM 48 and align deps (#979)
• df0f2a6 Bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#976)
• 2da7a68 Add null checks for modelId in PluginWrapper
• 91eb4d9 Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#975)
• b622245 Bump mavenVersion from 3.9.14 to 3.9.15 (#973)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.6

🚀 New features and improvements

• Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @​olamy

🐛 Bug Fixes

• Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_socket at address' is not displayed anymore when using maven.surefire.debug (#3353) (#3354) @​olamy
• Ensure that the statistics filename is calculated only once. (#3326) (#3327) @​olamy
• Add flakes attribute to use in testsuite report (#3306) (#3308) @​olamy
• [BACKPORT 3.5.x] [SUREFIRE-2049] - Fix SHUTDOWN type lost during command serialization. (#3270) (#3289) @​olamy
• fix: null guard for context map (#3269) (#3272) @​olamy

👻 Maintenance

• 3.5.x/bug/cherry pick embedded mode its (#3328) @​olamy
• Use surefire 3.5.5 by project itself for testing (#3324) @​slawekjaranowski
• Follow Oracle javadoc guidelines (#3177) @​elharo

📦 Dependency updates

• Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#3334) @dependabot[bot]
• Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#3350) @dependabot[bot]

Commits

• 25ea054 [maven-release-plugin] prepare release surefire-3.5.6
• e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
• dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
• 39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
• 2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
• 0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
• 04ad9a2 Use surefire 3.5.5 by project itself for testing
• 37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
• a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
• e838393 deploy 3.5.x branch to nexus
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-source-plugin's releases.

3.4.0

🐛 Bug Fixes

• [MSOURCES-140] - fail only if re-attach different files (#24) @​hboutemy

👻 Maintenance

• Bump m-invoker-p to 3.9.1 (#251) @​slachiewicz
• Allow to manually execute release drafter (#58) @​slawekjaranowski
• GH Issues (Maven 3 branch) (#57) @​Bukama
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#49) @​Bukama

📦 Dependency updates

• Use plexus-utils version from parent (#252) @​slachiewicz
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#247) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#248) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5 (#241) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#242) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#246) @dependabot[bot]
• Bump mavenVersion from 3.2.5 to 3.9.11 (#221) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#233) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.3 to 3.6.4 (#229) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 41 to 45 (#218) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 (#226) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#222) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.1 to 2.19.0 (#68) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#63) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.3 (#66) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#27) @dependabot[bot]
• [MSOURCES-147] - Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 (#23) @dependabot[bot]
• [MSOURCES-146] - Bump commons-io:commons-io from 2.11.0 to 2.16.0 (#25) @dependabot[bot]
• [MSOURCES-145] - Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 (#26) @dependabot[bot]

Commits

• ecf937a [maven-release-plugin] prepare release maven-source-plugin-3.4.0
• 95b3bf4 Revert "[maven-release-plugin] prepare for next development iteration"
• 7a9a770 [maven-release-plugin] prepare for next development iteration
• 292c1ce Use plexus-utils version from parent
• bf79b71 Bump m-invoker-p to 3.9.1
• 4f3fcb9 Bump commons-io:commons-io from 2.20.0 to 2.21.0
• a867442 Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
• 51c66ac Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5
• 267df46 Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3
• ef85324 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8

Release notes

Sourced from org.apache.maven.plugins:maven-gpg-plugin's releases.

3.2.8

🐛 Bug Fixes

• Make empty classifier null (not empty string) (#287) @​cstamas

📝 Documentation updates

• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#129) @​Bukama
• Describe how to prime a specific GPG key (#128) @​kwin

👻 Maintenance

• Enable GitHub issues (#134) @​Bukama
• Prefer Guice constructor injection (#126) @​elharo

📦 Dependency updates

• Update parent POM to 45 (#284) @​cstamas
• Bump bouncycastleVersion from 1.78.1 to 1.80 (#127) @dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#133) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-invoker-plugin from 3.8.0 to 3.9.0 (#125) @dependabot[bot]
• Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.18.2 to 1.19.1 (#131) @dependabot[bot]
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#124) @dependabot[bot]

Commits

• 8a46455 [maven-release-plugin] prepare release maven-gpg-plugin-3.2.8
• 7012821 Fix issueManagement, ciManagement system and url
• a9a8c84 Make empty classifier null (not empty string) (#287)
• a8368b0 Add .mvn
• f0e45e0 Update parent POM to 45 (#284)
• cb1236c Bump bouncycastleVersion from 1.78.1 to 1.80 (#127)
• 5377a10 Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#133)
• 8b63932 Bump org.apache.maven.plugins:maven-invoker-plugin from 3.8.0 to 3.9.0 (#125)
• 54ea518 Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.18.2 to 1.19.1
• a6a412d Remove old JIRA issue link
• Additional commits viewable in compare view

Updates org.sonatype.central:central-publishing-maven-plugin from 0.7.0 to 0.10.0

Commits

• See full diff in compare view

Updates com.github.siom79.japicmp:japicmp-maven-plugin from 0.23.1 to 0.26.1

Release notes

Sourced from com.github.siom79.japicmp:japicmp-maven-plugin's releases.

japicmp-base-0.26.1

• New change METHOD_RETURN_TYPE_COVARIANT_CHANGED #522

japicmp-base-0.26.0

• No NPE when using Markdown-Processsor with byte-based archive #516

japicmp-base-0.25.7

• Report incompatiblity in case a class changes from implementing a generic interface with raw types to concrete type parameters #507

japicmp-base-0.25.6

• No NPE in case of Maven artifacts without file #504

japicmp-base-0.25.5

0.25.5 (2026-04-09)

• getAnnotations() no longer returns empty list in case of removed members #497

japicmp-base-0.25.4

No release notes provided.

japicmp-base-0.25.3

No release notes provided.

japicmp-base-0.25.2

No release notes provided.

japicmp-base-0.25.1

No release notes provided.

Commits

• 9303487 [maven-release-plugin] prepare release japicmp-base-0.26.1
• a11fb26 upgraded version in *.md files to 0.26.1
• 831b0f1 Add release notes for version 0.26.1
• 2d6b2c8 Merge pull requ...

  Description has been truncated

[DemchaAV]

Build is failing because jackson-bom 2.22.0 references module jars that aren't published on Maven Central yet — jackson-core-2.22.0.jar returns 404 at repo1.maven.org. The BOM rolled out ahead of the actual artifacts; this is an upstream/Sonatype partial-sync issue, not a project regression.

Also pausing central-publishing-maven-plugin 0.10.0 for now — that's a 3-minor jump (0.7 → 0.10) on the plugin we just shipped 1.6.6 with (PR #97). We want a focused PR for that bump alone so we can validate the release profile against it before merging.

Telling Dependabot to skip these two and rebuild the group with the other 9 (especially logback-classic 1.5.34 — fixes CVE-2026-9828, deserialization whitelist bypass).

@dependabot ignore com.fasterxml.jackson:jackson-bom version 2.22.0
@dependabot ignore org.sonatype.central:central-publishing-maven-plugin version 0.10.0
@dependabot recreate

[DemchaAV]

Closing in favour of the freshly-merged .github/dependabot.yml ignore entries in #112. Dependabot's next group run will rebuild this PR with jackson-bom 2.22.0 and central-publishing-maven-plugin 0.10.0 skipped, leaving the other 9 bumps (notably the logback-classic CVE-2026-9828 fix) on a clean PR. Asking Dependabot to recreate now so we don't have to wait for the weekly Monday cycle.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

[DemchaAV]

@dependabot recreate

[dependabot]

Looks like this PR is closed. If the branch still exists, you can re-open the PR and then use @dependabot rebase or @dependabot recreate. If the branch was deleted, Dependabot will create a new PR on the next scheduled run, or you can trigger an update from the Dependency graph page.