)]}' { "log": [ { "commit": "8ab6a6140b93ae458d22a9286cefc01c050d97f6", "tree": "003cad5e82d43a59eaa5cf529555213bc8b062eb", "parents": [ "2c11aeed48926a35c74734af9aecab6b62069c88" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Mon Jun 08 17:39:50 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jun 08 17:39:50 2026 +0200" }, "message": "[MNG-11133] Fix mixin property precedence - mixins should override parent properties (#11141)\n\nEnsures that properties defined in mixins take precedence over properties\ninherited from parent POMs. The fix maintains correct consumer POM generation\nwhile properly resolving the mixin property precedence order." }, { "commit": "2c11aeed48926a35c74734af9aecab6b62069c88", "tree": "edeecc942a35dac86d8a456212777427a7e6e0bd", "parents": [ "3656bff80acbbaeb9836fdb8635ba786b119d53c" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Mon Jun 08 12:54:13 2026 +0000" }, "committer": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Mon Jun 08 12:54:13 2026 +0000" }, "message": "Fix #11973: Restore backward-compatible DefaultToolchain constructor\n\nAdd deprecated constructors accepting org.codehaus.plexus.logging.Logger\nto maintain binary compatibility with custom toolchain implementations\ncompiled against Maven 3.x.\n\nCloses #12238\n" }, { "commit": "3656bff80acbbaeb9836fdb8635ba786b119d53c", "tree": "a3a4e88779fc84fcb6c679d60587c6cc9dc85352", "parents": [ "bc227d39de2e63243171a925d776fca8fecee994" ], "author": { "name": "DavidTavoularis", "email": "76044026+DavidTavoularis@users.noreply.github.com", "time": "Mon Jun 08 12:49:13 2026 +0000" }, "committer": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Mon Jun 08 12:49:13 2026 +0000" }, "message": "[#11767] Fix consumer POM builder failing to resolve BOM imports from settings.xml profile repositories\n\nDefaultConsumerPomBuilder.buildModel() now passes repositories, profiles, and active profile IDs\nto the ModelBuilderRequest so that BOM imports from non-central repositories (e.g. defined in\nsettings.xml profiles) can be resolved during consumer POM transformation.\n\nDefaultModelBuilder.derive() now respects the request\u0027s repositories instead of always reusing\nthe parent session\u0027s, and caches the RepositoryFactory lookup.\n\nIncludes unit tests for both fixes and an integration test (gh-11767).\n\nContributed by DavidTavoularis\n\nCloses #11768\nFixes #11767\n" }, { "commit": "bc227d39de2e63243171a925d776fca8fecee994", "tree": "8e4c3085508e97aa56784a0cef03b5608062a058", "parents": [ "f2356c28b39548162ef53c69c94475e941cd07b3" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Jun 08 01:03:34 2026 +0000" }, "committer": { "name": "Sylwester Lachiewicz", "email": "slachiewicz@apache.org", "time": "Sun Jun 07 23:03:40 2026 -0400" }, "message": "Bump net.sourceforge.pmd:pmd-core from 7.24.0 to 7.25.0\n\nBumps [net.sourceforge.pmd:pmd-core](https://github.com/pmd/pmd) from 7.24.0 to 7.25.0.\n- [Release notes](https://github.com/pmd/pmd/releases)\n- [Commits](https://github.com/pmd/pmd/compare/pmd_releases/7.24.0...pmd_releases/7.25.0)\n\n---\nupdated-dependencies:\n- dependency-name: net.sourceforge.pmd:pmd-core\n dependency-version: 7.25.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e" }, { "commit": "f2356c28b39548162ef53c69c94475e941cd07b3", "tree": "56421c9ee703a78e8952e1cd7424a91078527f02", "parents": [ "8197c8b779c1618d4411ab5b3c9092d38be5da53" ], "author": { "name": "Slawomir Jaranowski", "email": "s.jaranowski@gmail.com", "time": "Mon Jun 01 19:21:10 2026 +0200" }, "committer": { "name": "Slawomir Jaranowski", "email": "s.jaranowski@gmail.com", "time": "Sun Jun 07 18:24:41 2026 +0200" }, "message": "Maven 3.9.16 - update doap file\n" }, { "commit": "8197c8b779c1618d4411ab5b3c9092d38be5da53", "tree": "defc84115a6ce4147f69f4803e3aa28d8ffa9751", "parents": [ "d58c96bc3601f1c56b077df50a0d29a9b0ec6b28" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Fri Mar 27 23:07:47 2026 +0000" }, "committer": { "name": "Sylwester Lachiewicz", "email": "slachiewicz@apache.org", "time": "Sun Jun 07 11:08:32 2026 -0400" }, "message": "Bump org.codehaus.plexus:plexus-utils\n\nBumps [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils) from 3.5.1 to 4.0.3.\n- [Release notes](https://github.com/codehaus-plexus/plexus-utils/releases)\n- [Commits](https://github.com/codehaus-plexus/plexus-utils/compare/plexus-utils-3.5.1...plexus-utils-4.0.3)\n\n---\nupdated-dependencies:\n- dependency-name: org.codehaus.plexus:plexus-utils\n dependency-version: 4.0.3\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e" }, { "commit": "d58c96bc3601f1c56b077df50a0d29a9b0ec6b28", "tree": "768b5712f1a40c0c44176acaa283c39b4506e2c8", "parents": [ "a166e3faad197502035de52d533f29bdf445f227" ], "author": { "name": "Hervé Boutemy", "email": "hboutemy@apache.org", "time": "Sat Jun 06 17:59:27 2026 +0200" }, "committer": { "name": "Hervé Boutemy", "email": "herve.boutemy@free.fr", "time": "Sat Jun 06 18:24:01 2026 +0200" }, "message": "fix reportSet inheritance in Maven 4 model building\n" }, { "commit": "a166e3faad197502035de52d533f29bdf445f227", "tree": "2b297dc9828f0eaca1b2389a9b12254fc9f796b6", "parents": [ "d0eae8adbc114297c6d8dd9bd0d37913c6640071" ], "author": { "name": "Anukalp", "email": "pandeyanukalp6@gmail.com", "time": "Fri May 22 22:43:49 2026 +0530" }, "committer": { "name": "Sylwester Lachiewicz", "email": "slachiewicz@apache.org", "time": "Sat Jun 06 05:25:25 2026 +0200" }, "message": "Fix Javadoc parameter description\n" }, { "commit": "d0eae8adbc114297c6d8dd9bd0d37913c6640071", "tree": "6bd9c6742a987c7c25ffd36cc98f7e0e74b6e6d1", "parents": [ "e48cb83eec1469ee020c9a0209dfd7bc31fa5876" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Fri Jun 05 07:30:00 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jun 05 07:30:00 2026 +0200" }, "message": "Bump net.bytebuddy:byte-buddy from 1.18.8 to 1.18.10 (#12241)\n\nBumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.18.8 to 1.18.10.\n- [Release notes](https://github.com/raphw/byte-buddy/releases)\n- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)\n- [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.18.8...byte-buddy-1.18.10)\n\n---\nupdated-dependencies:\n- dependency-name: net.bytebuddy:byte-buddy\n dependency-version: 1.18.10\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "e48cb83eec1469ee020c9a0209dfd7bc31fa5876", "tree": "e23ee9b20b78c3a45c385c195b8c9df23171e335", "parents": [ "dac6ab14a1cb9298ad8eec693ad3a4e22f8b24a2" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu Jun 04 20:26:27 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 20:26:27 2026 +0200" }, "message": "[GH-11772] Fail-fast consumer POM validation for non-4.0.0 model versions (#11780)\n\n* [GH-11772] Fail-fast consumer POM validation for non-4.0.0 model versions\n\nWhen a POM-packaged project (parent POM) uses Maven 4.1.0 features\nlike profile conditions that cannot be stripped during consumer POM\ntransformation, the build now fails fast with actionable guidance\ninstead of silently deploying a consumer POM that Maven 3 and Gradle\ncannot resolve.\n\nThe validation applies only to:\n- POM-packaged projects (parent POMs) on the non-flatten path\n- Projects without preserve.model.version\u003dtrue\n\nAlso adds a maven.consumer.pom.removeUnusedManagedDependencies property\n(default: true) to control whether unused managed dependencies are\nremoved during consumer POM flattening.\n\n* Refactor consumer POM validation error message to use text blocks\n\nConvert string concatenation in the consumer POM model version validation\nerror message to use Java text blocks for improved readability and\nmaintainability. The multi-line error message is now expressed as a\ntext block with .formatted() for parameter substitution.\n\nThis change affects the validation that ensures POM-packaged projects\ncan be downgraded to model version 4.0.0 for Maven 3/Gradle compatibility.\n\n* Fix Spotless formatting violation\n\nCo-Authored-By: Claude Sonnet 4.5 \u003cnoreply@anthropic.com\u003e\n\n---------\n\nCo-authored-by: Claude Code \u003cclaude@anthropic.com\u003e\nCo-authored-by: Claude Sonnet 4.5 \u003cnoreply@anthropic.com\u003e" }, { "commit": "dac6ab14a1cb9298ad8eec693ad3a4e22f8b24a2", "tree": "0f24893ecef282cc16baa5b8f9e20cbcee1deb46", "parents": [ "b4042581abdc2c37f600da280364d3a85abaaee9" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu Jun 04 20:26:06 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 20:26:06 2026 +0200" }, "message": "Fix Source.targetPath incorrectly aligned to basedir (#12206)\n\nThe DefaultModelPathTranslator was aligning Source.targetPath to the\nproject basedir, converting relative paths like \"META-INF/tags/rdc\"\ninto absolute paths. This caused maven-resources-plugin to copy\nresources to wrong locations (e.g., /META-INF/tags/rdc instead of\ntarget/classes/META-INF/tags/rdc).\n\nThe targetPath is relative to the output directory (target/classes or\ntarget/test-classes), not the project basedir, so it must not be\nresolved against basedir during model path translation.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "b4042581abdc2c37f600da280364d3a85abaaee9", "tree": "70b2d7441155138952c9443c32ed2a1898afb21e", "parents": [ "87775095e80fc88062f6de3c04523d90230a7f8a" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu Jun 04 17:55:49 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 17:55:49 2026 +0200" }, "message": "Fix #11856: Improve error message for prefix-based remote repository filtering errors (#11888)\n\n* Fix #11856: Improve error message for prefix-based remote repository filtering errors\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n* Fix #11856: Mention both prefixes and groupId filters in error message\n\nThe ArtifactFilteredOutException can be triggered by either the prefixes\nor the groupId remote repository filter. Update the error message to\nmention both properties so users know which to disable.\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n* Refactor: Convert error message string concatenation to text block\n\nReplace multi-line string concatenation with System.lineSeparator()\ncalls with a cleaner text block in DefaultExceptionHandler. The error\nmessage for ArtifactFilteredOutException now uses Java text blocks\n(triple-quoted strings) instead of the + operator, improving\nreadability and maintainability.\n\nCo-Authored-By: Claude Sonnet 4.5 \u003cnoreply@anthropic.com\u003e\n\n---------\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\nCo-authored-by: Claude Code \u003cclaude@anthropic.com\u003e" }, { "commit": "87775095e80fc88062f6de3c04523d90230a7f8a", "tree": "c6e26670005c081c598315be4ff864820d8bfe4e", "parents": [ "98728cb5b39a022020b780cedeb2ca6257f54ea9" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu Jun 04 17:55:27 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 17:55:27 2026 +0200" }, "message": "Fix #11796: Preserve default-phases bindings for standard lifecycle phases (#11889)\n\nWhen a custom lifecycle registered via components.xml maps plugin goals\nto standard lifecycle phases (e.g., process-sources) via \u003cdefault-phases\u003e,\nthe LifecycleWrapperProvider now includes those entries as additional\nphases in the wrapped API Lifecycle. The v3phases() method is overridden\nto return only the custom lifecycle\u0027s own phases, ensuring computePhases()\nis unaffected while getDefaultPhases() correctly picks up the bindings.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "98728cb5b39a022020b780cedeb2ca6257f54ea9", "tree": "be4922c42223d8c3ad33076886a13185158e89c0", "parents": [ "bf5ee83fa315e3b173cdcb17fca5a5ede3f11d4c" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu Jun 04 17:55:07 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 17:55:07 2026 +0200" }, "message": "Fix @PreDestroy ClassNotFoundException from premature ClassRealm disposal (#11825)\n\n* [MNG-8572] Fix @PreDestroy ClassNotFoundException caused by premature ClassRealm disposal\n\nThe Plexus Disposable.dispose() lifecycle runs before Sisu\u0027s @PreDestroy\ncallbacks. When dispose() called flush(), it disposed ClassRealms before\n@PreDestroy methods on beans loaded from those realms could execute,\ncausing ClassNotFoundException.\n\nChange dispose() to only clear the cache map without disposing realms.\nThe flush() method (used for explicit cache clearing between builds)\nremains unchanged. ClassRealms are disposed when the PlexusContainer\nshuts down after all lifecycle callbacks complete.\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n* Add test for dispose() vs flush() ClassRealm behavior\n\nVerifies that dispose() clears the cache without disposing ClassRealms\n(so @PreDestroy callbacks can still execute), while flush() disposes\nboth the cache and the realms.\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n---------\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "bf5ee83fa315e3b173cdcb17fca5a5ede3f11d4c", "tree": "34da21fab7a3bad6c268dd352942a605f2013c05", "parents": [ "504785b7d3f16a3e6edd087cc56ef6874efdb05a" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu Jun 04 17:54:46 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 17:54:46 2026 +0200" }, "message": "[MNG-6772] Re-enable integration test for nested import scope repository override (#11826)\n\nThe test was disabled in 2021 after the fix was reverted twice.\nMaven 4\u0027s session-based architecture fixes the root cause: the new\nDefaultModelBuilder properly propagates user-configured repositories\n(including central overrides) through nested import scope resolution.\n\nBoth test scenarios (testitInProject and testitInDependency) now pass.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "504785b7d3f16a3e6edd087cc56ef6874efdb05a", "tree": "b0b39d69f84a3b9ae3cedc38edfbe9348ca77d24", "parents": [ "c7d96d3e5d4121ff05388b97a0de5c947ea2e354" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu Jun 04 10:44:46 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 10:44:46 2026 +0200" }, "message": "Fix mvnup effective model analysis for CI-friendly parent versions (#12205)\n\n* Fix mvnup effective model analysis for CI-friendly parent versions\n\nmvnup\u0027s PluginUpgradeStrategy copied POMs to a temp directory for\neffective model analysis. That temp directory lacked .mvn, so root\ndetection failed for child modules with ${revision} parent versions,\nproducing \"Parent POM is located above the root directory\" errors.\n\nEliminate the temp directory entirely — build effective models from\nthe original file paths, which already have proper .mvn and project\nstructure for root detection.\n\nAlso fix DefaultModelBuilder.doReadFileModel() to:\n- Enter the parent resolution block when parent version contains\n expressions (${revision}, etc.)\n- Only enforce isParentWithinRootDirectory when rootDirectory came\n from the session, not the fallback heuristic\n- Accept parent version match when version contains an expression\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n* Fix Spotless formatting violation\n\nCo-Authored-By: Claude Sonnet 4.5 \u003cnoreply@anthropic.com\u003e\n\n---------\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "c7d96d3e5d4121ff05388b97a0de5c947ea2e354", "tree": "a820801fddc8b4e5b912e1a338a38cfa2b3b093e", "parents": [ "565c5b2ef35e20707902029510af75cbcfa27fd9" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu Jun 04 10:37:18 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 10:37:18 2026 +0200" }, "message": "Fix mvnup PLUGIN_UPGRADES inconsistencies for compiler and exec plugins (#12172)\n\nmaven-compiler-plugin was listed as 3.2.0 but Maven Central only has 3.2,\ncausing resolution failures. exec-maven-plugin had wrong groupId\n(org.apache.maven.plugins) and artifactId (maven-exec-plugin), inconsistent\nwith getPluginUpgradesMap() which correctly uses org.codehaus.mojo:exec-maven-plugin.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "565c5b2ef35e20707902029510af75cbcfa27fd9", "tree": "79baed13899ff87344ace08794a4e5e5f183874f", "parents": [ "13f160863f712abec7a796216cb38a43d544db0b" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu Jun 04 10:25:45 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 10:25:45 2026 +0200" }, "message": "Use effective model to resolve properties from remote parent POMs in mvnup (#12158)\n\nThe undefined property detection in CompatibilityFixStrategy only performed\nstatic analysis of reactor POMs, missing properties inherited from remote\nparent POMs. This caused valid dependencyManagement entries to be incorrectly\ncommented out, breaking child modules relying on them for version resolution.\n\nNow uses buildEffectiveModel to collect properties from the full parent chain,\nincluding remote parents resolved via relativePath or Maven repositories.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "13f160863f712abec7a796216cb38a43d544db0b", "tree": "5ed385ae3819b8ec677f07e86dbc8bbc785c8831", "parents": [ "c4efc192f64a409f810743d05a15dc4839e9cc6b" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu Jun 04 10:25:24 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 10:25:24 2026 +0200" }, "message": "Fix mvnup plugin upgrade for versions locked by parent\u0027s build/plugins (#12165)\n\nWhen a remote parent POM declares a plugin with an explicit version in\nbuild/plugins (not via pluginManagement), adding a pluginManagement\nentry in the child is insufficient — the parent\u0027s explicit version\ntakes precedence.\n\nThe analysis now compares each plugin\u0027s effective version in\nbuild/plugins against build/pluginManagement/plugins:\n- Same version: version comes from PM, pluginManagement override works\n- Different version (or absent from PM): explicit version in parent\u0027s\n plugins, needs a direct build/plugins entry to override\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "c4efc192f64a409f810743d05a15dc4839e9cc6b", "tree": "be69a697c5c16bccb482984d54f2089e3b9661e6", "parents": [ "7d10613e82e86554ceb5f7bae516df68fa250eec" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu Jun 04 10:24:27 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 10:24:27 2026 +0200" }, "message": "Remove invalid combine.self and combine.children attributes instead of converting them (#12160)\n\nMaven 3 silently ignored invalid combine.self and combine.children\nattribute values, so removing them entirely preserves actual Maven 3\nbehavior. Previously mvnup converted specific invalid values (e.g.\ncombine.self\u003d\"append\" → \"merge\"), which could miss other invalid values\nand subtly changed semantics. Now both fixers detect any invalid value\nagainst the full set of valid values (combine.self: override/merge/remove;\ncombine.children: append/merge), remove the attribute, and collect to a\nlist before mutating to avoid potential stream processing issues.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "7d10613e82e86554ceb5f7bae516df68fa250eec", "tree": "59ddb9d877c6d9b26be5e2917d6cab923dbf24b1", "parents": [ "c89ecbd8a9d4201eaa5828e5fed0f9de0a7b5c1a" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu Jun 04 10:23:48 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 10:23:48 2026 +0200" }, "message": "Bump scala-maven-plugin upgrade target from 4.9.2 to 4.9.5 (#12173)\n\nVersion 4.9.2 still calls add() on immutable lists returned by\nMaven 4 API. The fix (commit e6d922eb) landed in 4.9.5, the first\nversion published to Maven Central after the fix.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "c89ecbd8a9d4201eaa5828e5fed0f9de0a7b5c1a", "tree": "e9075022b0ba83ab88545d902443d858381f3246", "parents": [ "55ee0a3f71c986f8c2b630f4db67687fd7140f76" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu Jun 04 10:23:27 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 10:23:27 2026 +0200" }, "message": "Upgrade domtrip from 1.5.1 to 1.5.2 (#12174)\n\nFixes blank line idempotency in addBlankLineBefore/addBlankLineAfter,\nwhich caused duplicate blank lines on repeated mvnup runs, leading to\nSpotless formatting failures.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "55ee0a3f71c986f8c2b630f4db67687fd7140f76", "tree": "e9075022b0ba83ab88545d902443d858381f3246", "parents": [ "3741c6ff30fbc00ae755d5e240bf29c3fdff075b" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu Jun 04 10:22:14 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 10:22:14 2026 +0200" }, "message": "Use request properties consistently for CI-friendly version interpolation (#12184)\n\nThe model builder inconsistently used session properties for CI-friendly\nversion replacement and model property merging, while model interpolation\nused request properties. When user properties on the ModelBuilderRequest\ndiffer from the Session (e.g. -Drevision\u003d2.0.0 overriding a POM-defined\nrevision), ${revision} in dependency versions and distributionManagement\nwas not properly resolved.\n\nFix three places in DefaultModelBuilder to use request properties:\n- getPropertiesWithProfiles(): use request system+user properties\n instead of session.getEffectiveProperties()\n- doReadFileModel(): use request.getUserProperties() instead of\n session.getUserProperties() for model property and profile merging\n\nAlso fix DefaultConsumerPomBuilder.buildModel() to pass API Session\nproperties (iSession) instead of RepositorySystemSession properties\nto the model builder request, ensuring consumer POM builds have\naccess to the full set of user properties.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "3741c6ff30fbc00ae755d5e240bf29c3fdff075b", "tree": "666294990055be60f2cdd6c05f2db00af4553e7a", "parents": [ "df007ff7d040edd7c635ec18db2336e31d377706" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu Jun 04 10:22:10 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 10:22:10 2026 +0200" }, "message": "Bump exec-maven-plugin target to 3.5.0 and fix PLUGIN_UPGRADES inconsistencies (#12200)\n\n- exec-maven-plugin: bump from 3.2.0 to 3.5.0 (3.1.0 and earlier use\n MavenSession.getContainer() which returns null in Maven 4)\n- Fix PLUGIN_UPGRADES list: exec-maven-plugin had wrong groupId\n (org.apache.maven.plugins) and artifactId (maven-exec-plugin)\n- Fix compiler-plugin min version in PLUGIN_UPGRADES: 3.2.0 → 3.2\n (3.2.0 does not exist on Maven Central)\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "df007ff7d040edd7c635ec18db2336e31d377706", "tree": "953ea1b62f8d6414b1b164b0921e5acf3a0cdc90", "parents": [ "a52f476d75a192fa26733b01f6c403129ea81001" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu Jun 04 10:22:05 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 10:22:05 2026 +0200" }, "message": "Filter project repos with uninterpolated property expressions (#12204)\n\n* mvnup: comment out repositories with undefined property expressions\n\nProjects like uima-uimaj, opennlp-sandbox, and seatunnel-shade define\nrepositories with ${eclipseP2RepoId} in the repo ID. This property is\nnever defined — it was used as a literal string in Maven 3. Maven 4\nrejects it with IllegalArgumentException at runtime.\n\nExtend the mvnup compatibility fix strategy to detect and comment out\nrepositories and plugin repositories whose id or url contain undefined\nproperty expressions, following the same pattern used for dependencies\n(#12080). Handles both root-level and profile-level repositories.\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n* Filter project repositories with uninterpolated property expressions\n\nWhen a project POM defines repositories with ${...} expressions that\ncannot be resolved (e.g. ${eclipseP2RepoId}), Maven 4 previously\nfailed with InternalErrorException. This change downgrades the model\nvalidation from ERROR to WARNING and filters such repositories before\nthey reach the resolver, logging a warning instead of failing the build.\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n---------\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "a52f476d75a192fa26733b01f6c403129ea81001", "tree": "a011d8fff4e5f62011e0547ab3add48cb1f50ab5", "parents": [ "d2dab2cbdaad96a6b13c18430ae128d7e981a24b" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu Jun 04 07:27:31 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 07:27:31 2026 +0200" }, "message": "Bump xmlunitVersion from 2.11.0 to 2.12.0 (#12190)\n\nBumps `xmlunitVersion` from 2.11.0 to 2.12.0.\n\nUpdates `org.xmlunit:xmlunit-core` from 2.11.0 to 2.12.0\n- [Release notes](https://github.com/xmlunit/xmlunit/releases)\n- [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md)\n- [Commits](https://github.com/xmlunit/xmlunit/compare/v2.11.0...v2.12.0)\n\nUpdates `org.xmlunit:xmlunit-matchers` from 2.11.0 to 2.12.0\n- [Release notes](https://github.com/xmlunit/xmlunit/releases)\n- [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md)\n- [Commits](https://github.com/xmlunit/xmlunit/compare/v2.11.0...v2.12.0)\n\n---\nupdated-dependencies:\n- dependency-name: org.xmlunit:xmlunit-core\n dependency-version: 2.12.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n- dependency-name: org.xmlunit:xmlunit-matchers\n dependency-version: 2.12.0\n dependency-type: direct:development\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "d2dab2cbdaad96a6b13c18430ae128d7e981a24b", "tree": "f79f3dec4d95154b3f7da0d53d7f21d1a93e51ee", "parents": [ "52c4d437379221ad860a0a48de96a962aa986c24" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu Jun 04 07:26:41 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 07:26:41 2026 +0200" }, "message": "Bump actions/checkout from 6.0.2 to 6.0.3 (#12207)\n\nBumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3.\n- [Release notes](https://github.com/actions/checkout/releases)\n- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10)\n\n---\nupdated-dependencies:\n- dependency-name: actions/checkout\n dependency-version: 6.0.3\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "52c4d437379221ad860a0a48de96a962aa986c24", "tree": "fb98a8bc49a9c9f844cee0bdd6e22174fbcab2fb", "parents": [ "15d19f2f623fc6e2e5489552913215f24e920c60" ], "author": { "name": "Slawomir Jaranowski", "email": "s.jaranowski@gmail.com", "time": "Mon Jun 01 18:55:42 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jun 01 18:55:42 2026 +0200" }, "message": "Refactor JUnit extensions to avoid using static fields. (#11829)\n\nStatic filed in Junit extension can impact on tests executed in parallel.\nFor static methods preserver current test context in local thread." }, { "commit": "15d19f2f623fc6e2e5489552913215f24e920c60", "tree": "2214bd1bfbe452794c7a93315f6b8572d720dc41", "parents": [ "70d2e605433fe317448c718e90edca2020413ba2" ], "author": { "name": "Tamas Cservenak", "email": "tamas@cservenak.net", "time": "Fri May 29 21:50:07 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 29 21:50:07 2026 +0200" }, "message": "Feat: Pull out maven-executor into its own project (#12004)\n\nThe main goal of `maven-executor` is ability to execute Maven 3/4 in \"embedded\" and \"forked\" mode, and has not related with Maven release lifecycle itself (and is dependency-less as well). So, let\u0027s move it out into own project.\n\nhttps://github.com/apache/maven-executor\n\nThe new library executes Maven in:\n* forked or embedded mode, but introduces other providers as well\n* supports Maven 3 and 4\n* the main `maven-executor` module is Java 8, dependency-less library (is MR-JAR, and on 9+ is modular and provides ToolProvider SPI integration as well)" }, { "commit": "70d2e605433fe317448c718e90edca2020413ba2", "tree": "ddce8d621e01368b9f74afa41700f5988632013b", "parents": [ "763a243ea32c715226d5d9dcebb493caebfaaa7b" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Fri May 29 09:25:16 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 29 09:25:16 2026 +0200" }, "message": "Bump com.github.siom79.japicmp:japicmp-maven-plugin (#12168)\n\nBumps [com.github.siom79.japicmp:japicmp-maven-plugin](https://github.com/siom79/japicmp) from 0.25.7 to 0.26.1.\n- [Release notes](https://github.com/siom79/japicmp/releases)\n- [Changelog](https://github.com/siom79/japicmp/blob/master/release.py)\n- [Commits](https://github.com/siom79/japicmp/compare/japicmp-base-0.25.7...japicmp-base-0.26.1)\n\n---\nupdated-dependencies:\n- dependency-name: com.github.siom79.japicmp:japicmp-maven-plugin\n dependency-version: 0.26.1\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "763a243ea32c715226d5d9dcebb493caebfaaa7b", "tree": "53fb15244eae432c73f815ba1f3d12118e842454", "parents": [ "431bb396ff975cbbbc57313e3ce52950f612867f" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Fri May 29 09:24:19 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 29 09:24:19 2026 +0200" }, "message": "Bump domtripVersion from 1.5.1 to 1.5.2 (#12183)\n\nBumps `domtripVersion` from 1.5.1 to 1.5.2.\n\nUpdates `eu.maveniverse.maven.domtrip:domtrip-core` from 1.5.1 to 1.5.2\n- [Release notes](https://github.com/maveniverse/domtrip/releases)\n- [Commits](https://github.com/maveniverse/domtrip/compare/1.5.1...1.5.2)\n\nUpdates `eu.maveniverse.maven.domtrip:domtrip-maven` from 1.5.1 to 1.5.2\n- [Release notes](https://github.com/maveniverse/domtrip/releases)\n- [Commits](https://github.com/maveniverse/domtrip/compare/1.5.1...1.5.2)\n\n---\nupdated-dependencies:\n- dependency-name: eu.maveniverse.maven.domtrip:domtrip-core\n dependency-version: 1.5.2\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: eu.maveniverse.maven.domtrip:domtrip-maven\n dependency-version: 1.5.2\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "431bb396ff975cbbbc57313e3ce52950f612867f", "tree": "3a181ec3ad66292e1a4e5e56fd26c291db2664c5", "parents": [ "5583525a1d3a06583b2c26d3774c129ef76227da" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Tue May 26 23:43:19 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 26 23:43:19 2026 +0200" }, "message": "Fix mvnup recommending non-existent maven-enforcer-plugin:3.5.2 (#12155)\n\nThe enforcer plugin has no 3.5.2 release (versions go 3.5.0 -\u003e 3.6.0).\nThe version was confused with maven-surefire-plugin which does have 3.5.2.\nChanged the recommended minimum to 3.5.0, which is a real release.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "5583525a1d3a06583b2c26d3774c129ef76227da", "tree": "e374f7a9822f3a1164067841041395b0adbdcf30", "parents": [ "b50f8978f7b44c908cac2662b6b7c4f827c4b3ea" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Tue May 26 16:11:30 2026 +0200" }, "committer": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Tue May 26 22:28:17 2026 +0200" }, "message": "Fix #12080: mvnup - comment out dependencies with undefined property expressions\n\nComment out dependencies whose version uses a property expression that\nis not defined in any POM in the reactor. Scans \u003cproperties\u003e sections\nincluding those in profiles. Well-known properties (project.*, env.*,\nmaven.*, etc.) are excluded from the check.\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "b50f8978f7b44c908cac2662b6b7c4f827c4b3ea", "tree": "a9008b8ee6d95d92ebb992e0ce8d5f013100da22", "parents": [ "17d7e4611354e57a49e5389b27b2b27f742d5b08" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Tue May 26 16:11:24 2026 +0200" }, "committer": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Tue May 26 22:28:17 2026 +0200" }, "message": "Extract shared session infrastructure into AbstractUpgradeStrategy\n\nMove Maven session management (getSession, createMaven4Session,\nTransporterFactoryConfig, temp directory helpers, buildEffectiveModel)\nfrom PluginUpgradeStrategy into AbstractUpgradeStrategy to enable\nreuse across strategies.\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n" }, { "commit": "17d7e4611354e57a49e5389b27b2b27f742d5b08", "tree": "6678abc98301d35f83e3bc583309f670d6d5fdcc", "parents": [ "e568c73876e5b1d92481252e3bf78dc054c4c16f" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon May 25 20:35:01 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 25 20:35:01 2026 +0200" }, "message": "Bump org.ow2.asm:asm from 9.10 to 9.10.1 (#12149)\n\nBumps org.ow2.asm:asm from 9.10 to 9.10.1.\n\n---\nupdated-dependencies:\n- dependency-name: org.ow2.asm:asm\n dependency-version: 9.10.1\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "e568c73876e5b1d92481252e3bf78dc054c4c16f", "tree": "80bebbc611aac03cfde88914adbce209a26439d4", "parents": [ "b3ece83a062a456ec11e5510c74a567f145ae2fd" ], "author": { "name": "Martin Desruisseaux", "email": "martin.desruisseaux@geomatys.com", "time": "Sat May 23 14:07:09 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat May 23 14:07:09 2026 +0200" }, "message": "Nuance the message about filename-based automodules detected on the module path (#11857)\n\nNuance the message about filename-based automodules detected on the module path.\nInstead of \"Please don\u0027t publish this project to a public artifact repository\", said\n\"This project may not work if consumers use these dependencies with different filenames.\"\".\n\nCo-authored-by: Guillaume Nodet \u003cgnodet@gmail.com\u003e" }, { "commit": "b3ece83a062a456ec11e5510c74a567f145ae2fd", "tree": "d4701b228845450f4c3bbe24a154d29b116834ba", "parents": [ "b44a6d2dda27a47070c4bcddd7a5dd91224be1d8" ], "author": { "name": "cui", "email": "cuiweixie@gmail.com", "time": "Sat May 23 13:28:24 2026 +0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat May 23 07:28:24 2026 +0200" }, "message": "fix: error \u003d\u003d null to error !\u003d null in isError (#11733)\n\n* fix: error \u003d\u003d null to error !\u003d null in isError\n\n* feat: add regresion test" }, { "commit": "b44a6d2dda27a47070c4bcddd7a5dd91224be1d8", "tree": "68a20b70f11ae97c9e04cea3d1213f8be35dbe37", "parents": [ "da5bf8b5fef41d8613bfdfd9a847c721c306716f" ], "author": { "name": "Abhishek Chauhan", "email": "60182103+abhu85@users.noreply.github.com", "time": "Sat May 23 10:58:21 2026 +0530" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat May 23 07:28:21 2026 +0200" }, "message": "Fix gh-11740: Add missing null check in validateProfileId() (#11741)\n\nThe validateProfileId() method was missing a null check before calling\nvalidProfileIds.contains(id). Since validProfileIds uses\nConcurrentHashMap.newKeySet() which doesn\u0027t allow null keys, a null\nprofile ID would cause a NullPointerException instead of a proper\nvalidation error.\n\nThis makes validateProfileId() consistent with validateCoordinateId()\nwhich already has the null check.\n\nFixes #11740\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "da5bf8b5fef41d8613bfdfd9a847c721c306716f", "tree": "e2d64a395a362b8c26f759b485b4f9a9afadea28", "parents": [ "6753e1d57b5affc744b06ab1aa63dd6039d9a2c9" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu May 21 15:29:09 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 21 15:29:09 2026 +0200" }, "message": "Bump eu.maveniverse.maven.mimir:testing from 0.11.3 to 0.11.4 (#12140)\n\n* Bump eu.maveniverse.maven.mimir:testing from 0.11.3 to 0.11.4\n\nBumps [eu.maveniverse.maven.mimir:testing](https://github.com/maveniverse/mimir) from 0.11.3 to 0.11.4.\n- [Release notes](https://github.com/maveniverse/mimir/releases)\n- [Commits](https://github.com/maveniverse/mimir/compare/release-0.11.3...release-0.11.4)\n\n---\nupdated-dependencies:\n- dependency-name: eu.maveniverse.maven.mimir:testing\n dependency-version: 0.11.4\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\n\n* Align MIMIR_VERSION with testing dependency\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n* Add cross-reference comments between mimir versions\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n* Add CI check for Mimir version alignment between pom.xml and workflow\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n---------\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e\nCo-authored-by: Guillaume Nodet \u003cgnodet@gmail.com\u003e\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "6753e1d57b5affc744b06ab1aa63dd6039d9a2c9", "tree": "0359f76b37ef0ba9b6e59e927366f2d38effbc0b", "parents": [ "b9d73e0acb0f39b604795fb0d1cea8e13bb00a79" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu May 21 00:25:18 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 21 00:25:18 2026 +0200" }, "message": "Fix domtrip API breakage after 1.5.1 upgrade (#12139)\n\nThe children(String) method was renamed to childElements(String)\nin domtrip 1.5.1, causing a compilation failure.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "b9d73e0acb0f39b604795fb0d1cea8e13bb00a79", "tree": "92ecb31ff6e79bdeb0a0cb4779f5b279c571bff8", "parents": [ "5e5bf758f326fd9706ba7a7eeea4a325c69db6fe" ], "author": { "name": "Uğur Tafralı", "email": "tafraliugur@gmail.com", "time": "Thu May 21 00:23:06 2026 +0300" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 23:23:06 2026 +0200" }, "message": "Add comprehensive Javadoc to XmlNodeBuilder (#11925)\n\nDocument the multi-document stream reading behavior, whitespace\ntrimming semantics, empty vs self-closing element handling, and\nchild-vs-text-value semantics. Also document all public build()\noverloads and the InputLocationBuilder interface.\n\nCloses #11526" }, { "commit": "5e5bf758f326fd9706ba7a7eeea4a325c69db6fe", "tree": "0c904553f73a236411c91faedc8c02cdc3d069c3", "parents": [ "f101f3fc0787028d52e0927ed41dcba524d207c2" ], "author": { "name": "Stefan Oehme", "email": "st.oehme@gmail.com", "time": "Wed May 20 23:13:18 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 23:13:18 2026 +0200" }, "message": "Fix logging setup/teardown order (#11901)\n\nReorder ProjectBuildLogAppender registration in LookupInvoker so that\nit is added to the closeables list after the terminal setup. Since\ncloseables are closed in reverse order (LIFO), this ensures the log\nsink is deregistered before the terminal is torn down, preventing\nStackOverflowErrors during shutdown.\n\nCloses #11901" }, { "commit": "f101f3fc0787028d52e0927ed41dcba524d207c2", "tree": "2133c312239053a367e89f798d73bc021511d8d0", "parents": [ "8115238b1a8bb3460507a849350105f3e3c85337" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Wed May 20 19:12:50 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 19:12:50 2026 +0200" }, "message": "Fix #12086: filter transitive repos and deps with uninterpolated expressions (#12088)\n\nAfter populateResult() in DefaultArtifactDescriptorReader, filter out\nrepositories with uninterpolated IDs/URLs and dependencies with\nuninterpolated groupId/artifactId/version. This is defense-in-depth\non top of the mergeRepositories filter in DefaultModelBuilder\n(commit 9332ad3d55), catching entries that reach the artifact\ndescriptor reader through any code path.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "8115238b1a8bb3460507a849350105f3e3c85337", "tree": "0b54a47596fe09f9af6e66004eb2cd8e87d2348e", "parents": [ "d9707470aa31bb95b181b4dba4da932fbd3693cc" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed May 20 17:43:12 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 17:43:12 2026 +0200" }, "message": "Bump asmVersion from 9.9.1 to 9.10 (#12128)\n\nBumps `asmVersion` from 9.9.1 to 9.10.\n\nUpdates `org.ow2.asm:asm` from 9.9.1 to 9.10\n\nUpdates `org.ow2.asm:asm-commons` from 9.9.1 to 9.10\n\nUpdates `org.ow2.asm:asm-util` from 9.9.1 to 9.10\n\n---\nupdated-dependencies:\n- dependency-name: org.ow2.asm:asm\n dependency-version: \u00279.10\u0027\n dependency-type: direct:production\n update-type: version-update:semver-minor\n- dependency-name: org.ow2.asm:asm-commons\n dependency-version: \u00279.10\u0027\n dependency-type: direct:production\n update-type: version-update:semver-minor\n- dependency-name: org.ow2.asm:asm-util\n dependency-version: \u00279.10\u0027\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "d9707470aa31bb95b181b4dba4da932fbd3693cc", "tree": "8ad8b1489ecfce004d2cb0674986a775b793b6c1", "parents": [ "8d918723d5783768904ba1c987cd7a752d9a5fa2" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed May 20 17:42:54 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 17:42:54 2026 +0200" }, "message": "Bump com.fasterxml.woodstox:woodstox-core from 7.1.1 to 7.2.0 (#12129)\n\nBumps [com.fasterxml.woodstox:woodstox-core](https://github.com/FasterXML/woodstox) from 7.1.1 to 7.2.0.\n- [Commits](https://github.com/FasterXML/woodstox/compare/woodstox-core-7.1.1...woodstox-core-7.2.0)\n\n---\nupdated-dependencies:\n- dependency-name: com.fasterxml.woodstox:woodstox-core\n dependency-version: 7.2.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "8d918723d5783768904ba1c987cd7a752d9a5fa2", "tree": "5bae4d4c157037c3fac65c7f724d15f8fd9c1efe", "parents": [ "bbc4aaf385d998b32b78d59784b7b77144ec97c8" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Wed May 20 16:30:44 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 16:30:44 2026 +0200" }, "message": "Fix incompatible extensions in mvnup for Maven 4 compatibility (#12120)\n\nAdd extension handling to mvnup that automatically fixes known\nMaven 4-incompatible extensions in .mvn/extensions.xml:\n\n- Replace os-maven-plugin (kr.motd.maven) with Maveniverse Nisse\n (eu.maveniverse.maven.nisse:extension:0.4.4) which works with\n both Maven 3 and 4. Also adds -Dnisse.compat.osDetector to\n .mvn/maven.config for drop-in compatibility.\n\n- Remove Develocity/Gradle Enterprise extensions (com.gradle)\n which depend on org.slf4j.impl.SimpleLogger not available in\n Maven 4.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "bbc4aaf385d998b32b78d59784b7b77144ec97c8", "tree": "2ba8554186fbdc788967b36b7504af6c97604d66", "parents": [ "66e3222059396bab3b5a46869aa11ffe55a4e50d" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Wed May 20 16:30:36 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 16:30:36 2026 +0200" }, "message": "mvnup: upgrade enforcer plugin minimum and add new plugin upgrades (#12119)\n\nUpgrade maven-enforcer-plugin minimum from 3.0.0 to 3.5.2 because\nversions before 3.5.2 use the removed PluginParameterExpressionEvaluator\n6-arg constructor, causing NoSuchMethodError with Maven 4.\n\nAdd new plugin upgrades for Maven 4 compatibility:\n- net.alchim31.maven:scala-maven-plugin minimum 4.9.2 (older versions\n call add() on immutable lists returned by Maven 4 API)\n- maven-resources-plugin minimum 3.3.1 (beta/RC versions compiled\n against different Maven 4 API signatures)\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "66e3222059396bab3b5a46869aa11ffe55a4e50d", "tree": "775b9eb3a531257bcf3161a88e3d11beb49be133", "parents": [ "bb28b1748c5642e7486a84cd15ba40544a251b90" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Wed May 20 16:30:28 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 16:30:28 2026 +0200" }, "message": "Fix mvnup to replace deprecated ${basedir} in repository URLs (#12105)\n\nMaven 4 validates that repository URLs are fully interpolated\n(MNG-8677, PR #2158). When a POM uses ${basedir} or ${pom.basedir}\nin repository URLs, this can fail validation since these are\ndeprecated forms that may not be interpolated in all contexts.\n\nThe compatibility fix strategy now replaces ${basedir} and\n${pom.basedir} with the canonical ${project.basedir} form in\nrepository and pluginRepository URL elements, including those\ninside profiles.\n\nSee: https://github.com/gnodet/maven4-testing/issues/13299\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "bb28b1748c5642e7486a84cd15ba40544a251b90", "tree": "8f030091da07cdfc74cdda50a225adaf2c232661", "parents": [ "cd78eb56d6d9be1d8a5552fe840d9340017ef8db" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Wed May 20 16:29:27 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 16:29:27 2026 +0200" }, "message": "Filter transitive dependencies with uninterpolated expressions (#12084)\n\nWhen a transitive dependency POM contains dependencies with\nuninterpolated property expressions (e.g., ${osgi.version}), the\nMavenValidator.validateDependency() throws IllegalArgumentException\nduring dependency collection.\n\nFilter out such dependencies in DefaultArtifactDescriptorReader\n.populateResult() before they reach the resolver/validator, following\nthe same pattern used for transitive repositories with uninterpolated\nIDs/URLs (commit 9332ad3d55).\n\nThis is safe because invalid dependencies from build POMs have already\nbeen rejected during model validation. Uninterpolated expressions in\ntransitive dependency POMs indicate undefined properties in those\nthird-party POMs that cannot be resolved.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "cd78eb56d6d9be1d8a5552fe840d9340017ef8db", "tree": "70af8f08c65d39ffec27f57375c4009441ac97cc", "parents": [ "2ea66c89ed5fc2763b184c3938ea660e767bbc6d" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed May 20 15:03:45 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 15:03:45 2026 +0200" }, "message": "Bump org.junit:junit-bom from 6.0.3 to 6.1.0 (#12130)\n\nBumps [org.junit:junit-bom](https://github.com/junit-team/junit-framework) from 6.0.3 to 6.1.0.\n- [Release notes](https://github.com/junit-team/junit-framework/releases)\n- [Commits](https://github.com/junit-team/junit-framework/compare/r6.0.3...r6.1.0)\n\n---\nupdated-dependencies:\n- dependency-name: org.junit:junit-bom\n dependency-version: 6.1.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "2ea66c89ed5fc2763b184c3938ea660e767bbc6d", "tree": "d44898139ea1d1a51927d19f0f4ab55bf0669001", "parents": [ "ef8ae39f6d5d917b74d78b030eec5d84359cbc46" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed May 20 14:59:41 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 14:59:41 2026 +0200" }, "message": "Bump jlineVersion from 4.0.14 to 4.1.0 (#12017)\n\n* Bump jlineVersion from 4.0.14 to 4.1.0\n\nBumps `jlineVersion` from 4.0.14 to 4.1.0.\n\nUpdates `org.jline:jline-reader` from 4.0.14 to 4.1.0\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.14...4.1.0)\n\nUpdates `org.jline:jline-style` from 4.0.14 to 4.1.0\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.14...4.1.0)\n\nUpdates `org.jline:jline-builtins` from 4.0.14 to 4.1.0\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.14...4.1.0)\n\nUpdates `org.jline:jline-console` from 4.0.14 to 4.1.0\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.14...4.1.0)\n\nUpdates `org.jline:jline-console-ui` from 4.0.14 to 4.1.0\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.14...4.1.0)\n\nUpdates `org.jline:jline-terminal` from 4.0.14 to 4.1.0\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.14...4.1.0)\n\nUpdates `org.jline:jline-terminal-ffm` from 4.0.14 to 4.1.0\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.14...4.1.0)\n\nUpdates `org.jline:jline-terminal-jni` from 4.0.14 to 4.1.0\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.14...4.1.0)\n\nUpdates `org.jline:jline-native` from 4.0.14 to 4.1.0\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.14...4.1.0)\n\nUpdates `org.jline:jansi-core` from 4.0.14 to 4.1.0\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.14...4.1.0)\n\n---\nupdated-dependencies:\n- dependency-name: org.jline:jline-reader\n dependency-version: 4.1.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n- dependency-name: org.jline:jline-style\n dependency-version: 4.1.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n- dependency-name: org.jline:jline-builtins\n dependency-version: 4.1.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n- dependency-name: org.jline:jline-console\n dependency-version: 4.1.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n- dependency-name: org.jline:jline-console-ui\n dependency-version: 4.1.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n- dependency-name: org.jline:jline-terminal\n dependency-version: 4.1.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n- dependency-name: org.jline:jline-terminal-ffm\n dependency-version: 4.1.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n- dependency-name: org.jline:jline-terminal-jni\n dependency-version: 4.1.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n- dependency-name: org.jline:jline-native\n dependency-version: 4.1.0\n dependency-type: direct:development\n update-type: version-update:semver-minor\n- dependency-name: org.jline:jansi-core\n dependency-version: 4.1.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\n\n* Add setSize(Sized) to FastTerminal for JLine 4.1.0 compatibility\n\nJLine 4.1.0 introduced the Sized interface and added a new abstract\nsetSize(Sized) method to Terminal. Implement it in FastTerminal.\n\nCo-Authored-By: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e\n\n---------\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e\nCo-authored-by: Guillaume Nodet \u003cgnodet@gmail.com\u003e\nCo-authored-by: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e" }, { "commit": "ef8ae39f6d5d917b74d78b030eec5d84359cbc46", "tree": "ba77a9e20a8077b8b6c4cfa776ed5415dfbbefe0", "parents": [ "30ce01c7146787ec5d277b843aab025502509db9" ], "author": { "name": "Tamas Cservenak", "email": "tamas@cservenak.net", "time": "Wed May 20 13:29:44 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 13:29:44 2026 +0200" }, "message": "Resolver 2018 (#12112)\n\nBumps `resolverVersion` from 2.0.16 to 2.0.18. Also some related changes.\n\nChanges:\n* updates Resolver to 2.0.18\n* dropped any existing filter building, is happening now in new component in Resolver 2.0.18 (same as in Maven 3.10.x)\n* user configured filter is NOT applied to plugin resolution\n* Legacy code uses `LegacyTrackingFileManager` the rest `TrackingFileManagerSupplier`\n* Expose `RepositorySystemSession` as session scoped, same as Maven 3.10.x (in fact, Maven 3.9.x did seed it, but Module by mistake never exposed it -- this is one of changes in Maven 3.10.x)" }, { "commit": "30ce01c7146787ec5d277b843aab025502509db9", "tree": "46892a512d2b31322673025b1da45b7837d4675d", "parents": [ "2c317cbe71b98b7a8195e2dc91bd5fb13f57cbac" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed May 20 11:22:25 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 11:22:25 2026 +0200" }, "message": "Bump org.codehaus.plexus:plexus-classworlds from 2.11.0 to 2.12.0 (#12124)\n\nBumps [org.codehaus.plexus:plexus-classworlds](https://github.com/codehaus-plexus/plexus-classworlds) from 2.11.0 to 2.12.0.\n- [Release notes](https://github.com/codehaus-plexus/plexus-classworlds/releases)\n- [Commits](https://github.com/codehaus-plexus/plexus-classworlds/compare/plexus-classworlds-2.11.0...plexus-classworlds-2.12.0)\n\n---\nupdated-dependencies:\n- dependency-name: org.codehaus.plexus:plexus-classworlds\n dependency-version: 2.12.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "2c317cbe71b98b7a8195e2dc91bd5fb13f57cbac", "tree": "ddcdf95b652c35919ab6e81ef69c1caf660234c4", "parents": [ "3e38c39b60199cbf2eef32a8b401752cd1551f34" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed May 20 10:12:38 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 10:12:38 2026 +0200" }, "message": "Bump domtripVersion from 0.4.1 to 1.5.1 (#12057)\n\n* Bump domtripVersion from 0.4.1 to 1.5.1\n\nBumps `domtripVersion` from 0.4.1 to 1.5.1.\n\nUpdates `eu.maveniverse.maven.domtrip:domtrip-core` from 0.4.1 to 1.5.1\n- [Release notes](https://github.com/maveniverse/domtrip/releases)\n- [Commits](https://github.com/maveniverse/domtrip/compare/release-0.4.1...1.5.1)\n\nUpdates `eu.maveniverse.maven.domtrip:domtrip-maven` from 0.4.1 to 1.5.1\n- [Release notes](https://github.com/maveniverse/domtrip/releases)\n- [Commits](https://github.com/maveniverse/domtrip/compare/release-0.4.1...1.5.1)\n\n---\nupdated-dependencies:\n- dependency-name: eu.maveniverse.maven.domtrip:domtrip-core\n dependency-version: 1.5.0\n dependency-type: direct:production\n update-type: version-update:semver-major\n- dependency-name: eu.maveniverse.maven.domtrip:domtrip-maven\n dependency-version: 1.5.0\n dependency-type: direct:production\n update-type: version-update:semver-major\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\n\n* Adapt mvnup code to DomTrip 1.5.1 API changes\n\n- Rename .child()/.children() to .childElement()/.childElements()\n- Rename removeNode() to removeChild()\n- Use GAV-string keyed map for Coordinates deduplication since\n Coordinates no longer provides equals/hashCode\n- Add field-by-field coordinatesMatch() for reactor parent lookup\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n---------\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e\nCo-authored-by: Guillaume Nodet \u003cgnodet@gmail.com\u003e\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "3e38c39b60199cbf2eef32a8b401752cd1551f34", "tree": "4d29cd98ca7637cafb3a2705334c64aa72019d79", "parents": [ "8df3ae6ff70680f510cce09b40357952fac95b31" ], "author": { "name": "Abhishek Chauhan", "email": "60182103+abhu85@users.noreply.github.com", "time": "Wed May 20 10:23:13 2026 +0530" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 06:53:13 2026 +0200" }, "message": "Fix #11899: Default addLocationInformation to false in Settings and Toolchains XML writers (#11984)\n\n* Fix gh-11899: Default addLocationInformation to false in Settings and Toolchains XML writers\n\nDefaultSettingsXmlFactory.write() and DefaultToolchainsXmlFactory.write()\nalways emitted InputLocation comments (e.g. \u003c!-- /path/to/settings.xml:163 --\u003e)\nbecause they created bare StaxWriter instances whose addLocationInformation\nfield defaults to true, and never called setAddLocationInformation(false).\n\nAlign both factories with DefaultModelXmlFactory.write(), which correctly\ndefaults location tracking to false and only enables it when an explicit\ninputLocationFormatter is provided via XmlWriterRequest.\n\nFixes #11899\n\n* Add tests for DefaultSettingsXmlFactory location tracking behavior\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n* Add DefaultToolchainsXmlFactory test and strengthen assertions\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n---------\n\nCo-authored-by: Abhishek Chauhan \u003cabhu85@users.noreply.github.com\u003e\nCo-authored-by: Guillaume Nodet \u003cgnodet@gmail.com\u003e\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "8df3ae6ff70680f510cce09b40357952fac95b31", "tree": "9e1277297a7533219a0f9823c8ca97b55e7e0bba", "parents": [ "e6a9c4216be045fdf098ca292f0833063832fe79" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Tue May 19 23:42:45 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 19 23:42:45 2026 +0200" }, "message": "Add maven-surefire-report-plugin to PluginUpgradeStrategy (#12113)\n\nThe surefire-report plugin is released from the same Maven Surefire\nproject as surefire and failsafe plugins, sharing the same version\nand Maven 4 compatibility constraints. Add it with the same 3.5.2\nminimum version to keep all three in sync.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "e6a9c4216be045fdf098ca292f0833063832fe79", "tree": "c0ef604c007f04eb2872e757f46d3fdac09b3d7b", "parents": [ "e2f84736be1bf8cbd2377579742ae547d6bf5b2c" ], "author": { "name": "Gerd Aschemann", "email": "gerd@aschemann.net", "time": "Tue May 19 23:08:45 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 19 23:08:45 2026 +0200" }, "message": "Fix mvn script expanding ${...} in CLI arguments (#11983)\n\n* Fix mvn script expanding ${...} in CLI arguments\n\nThe eval in the mvn script causes shell expansion of ${...} patterns\nin user-provided arguments. Pass user arguments directly via \"$@\"\ninstead of concatenating them into the eval string. This preserves\nMAVEN_OPTS word splitting while preventing unintended shell expansion.\n\nFixes #11978\n\nCo-Authored-By: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e\n\n* Add IT for mvn script expanding ${...} in CLI arguments\n\nThe eval in the mvn script causes shell expansion of ${...} patterns\nin user-provided arguments. This regression test exercises the actual\nlauncher script via setForkJvm(true) and verifies that ${...} is not\nexpanded by the shell.\n\nRelated: #11978\n\nCo-Authored-By: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e\n\n* Apply review suggestions from gnodet on PR #11983\n\n- Use printf in mvn debug output so each user arg is shown\n individually quoted, preserving boundary information now\n that args are no longer embedded in $cmd.\n- Trim IT Javadoc to match codebase style; surefire context\n belongs in the linked issue, not the test.\n- Reword assertion comments to make primary/secondary checks\n parallel.\n\n---------\n\nCo-authored-by: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e" }, { "commit": "e2f84736be1bf8cbd2377579742ae547d6bf5b2c", "tree": "811f1883a20e62560b0056e658be2fa4b59f2736", "parents": [ "ba9378d62ce48d54d47753e49f1b6289e8ea752c" ], "author": { "name": "Slawomir Jaranowski", "email": "s.jaranowski@gmail.com", "time": "Fri May 15 23:24:10 2026 +0200" }, "committer": { "name": "Slawomir Jaranowski", "email": "s.jaranowski@gmail.com", "time": "Tue May 19 21:45:47 2026 +0200" }, "message": "Update binary distribution LICENSE with complete Apache License 2.0 text\n" }, { "commit": "ba9378d62ce48d54d47753e49f1b6289e8ea752c", "tree": "64065acad757c128371339b6923c85c57e220e14", "parents": [ "cecd7eefcb14bd10dde22720fe5f9dee12608548" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Tue May 19 17:25:27 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 19 17:25:27 2026 +0200" }, "message": "Fix #11885: Disable ANSI colors when stdout is piped or redirected on JDK 22+ (#11887)\n\nChange ForcedSysOut to SysOut so that JLine properly checks whether\nstdout is a TTY before creating a system terminal. ForcedSysOut\nbypasses this check, which causes JLine to create a non-dumb terminal\neven when stdout is piped (since stdin is still a TTY), resulting in\nANSI escape codes appearing in piped output on JDK 22+ where the FFM\nprovider successfully creates a terminal from stdin alone.\n\nWith SysOut, JLine detects that stdout is not a TTY and falls back to\na dumb terminal, correctly disabling ANSI colors.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "cecd7eefcb14bd10dde22720fe5f9dee12608548", "tree": "c50870007910aa71be339cbb65718e8a5b5978e4", "parents": [ "b3753714f976d15cfd04fbfb291ca9470b09bb66" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Tue May 19 17:15:59 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 19 17:15:59 2026 +0200" }, "message": "Fix consumer POM serialization of prefixed XML attributes (fixes #11760)\n\nDuring consumer POM transformation, namespace declarations like xmlns:mvn on\n\u003cproject\u003e are lost (not part of the Maven model), but prefixed attributes like\nmvn:combine.children on XmlNode configuration trees survive, producing invalid\nXML with undeclared namespace prefixes.\n\nFix by adding namespace context tracking to XmlNode: the parser now accumulates\nnamespace declarations and propagates them to child nodes. The StAX and XPP3\nwriters resolve prefixed attributes against local declarations first, then the\ninherited namespace context, auto-declaring namespaces as needed. Orphaned\nprefixes (no declaration, no context) are stripped as a last resort to ensure\nvalid XML output.\n\nChanges:\n- Add XmlNode.namespaces() returning inherited prefix-to-URI bindings\n- Accumulate and propagate namespace context during parsing in DefaultXmlService\n- Fix writer-stax.vm and writer.vm to resolve and declare namespaces properly\n- Preserve dominant node\u0027s namespace context during merge\n- Add 28 tests covering parsing, writing, merging, and consumer POM simulation" }, { "commit": "b3753714f976d15cfd04fbfb291ca9470b09bb66", "tree": "0983ecc4a465571835f3dc5d07da779dbb5fd48f", "parents": [ "4f3ee14c86149abe1903b7a910fc43f1a818bc0d" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Tue May 19 16:27:21 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 19 16:27:21 2026 +0200" }, "message": "Upgrade extra-enforcer-rules in mvnup plugin dependency handling (#12051)\n\nextra-enforcer-rules versions before 1.4 use DependencyGraphBuilder\n.buildDependencyGraph(MavenProject, ArtifactFilter) which was removed\nin Maven 4. The mvnup plugin upgrade strategy now also checks and\nupgrades dependencies declared inside plugin configurations.\n\nCo-authored-by: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e" }, { "commit": "4f3ee14c86149abe1903b7a910fc43f1a818bc0d", "tree": "37b7a6f398a2c2007afd16ba058213b662a6c4c4", "parents": [ "04bd42a65777ecf7dbb2dd332612947fbd55ba7b" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Tue May 19 16:27:09 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 19 16:27:09 2026 +0200" }, "message": "Fix #12087: add surefire and failsafe plugins to PluginUpgradeStrategy (#12089)\n\nOlder versions of maven-surefire-plugin and maven-failsafe-plugin\n(e.g. 3.1.2) are incompatible with Maven 4, failing with\nIllegalStateException in MojoExecutionScopeModule. Add both plugins\nwith minimum version 3.5.2 so mvnup upgrades them automatically.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "04bd42a65777ecf7dbb2dd332612947fbd55ba7b", "tree": "8f83c0ac9f591a8381dbf0f16ba44483e90a5a49", "parents": [ "9450f6e49472454af201af6ae7276d3b2f9f3c1f" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Tue May 19 16:26:56 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 19 16:26:56 2026 +0200" }, "message": "Use maven-api Version for mvnup plugin version comparison (#12072)\n\nReplace hand-rolled version comparison with Session.parseVersion() which\ncorrectly handles milestone/pre-release qualifiers. The previous\nimplementation stripped qualifiers (e.g., 3.0.0-M1 → 3.0.0) causing\npre-release versions to be incorrectly considered sufficient.\n\nThis fixes 19 projects (flink-connectors, sling) using enforcer\n3.0.0-M1 that mvnup failed to upgrade to 3.0.0.\n\nCo-authored-by: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e" }, { "commit": "9450f6e49472454af201af6ae7276d3b2f9f3c1f", "tree": "8427b37574bfb79e50eca3616649b4d23281e6cc", "parents": [ "cfcd638823f528cc0d3a1202a7491fc9f607e858" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Tue May 19 15:32:57 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 19 15:32:57 2026 +0200" }, "message": "Fix #12085: add regression tests for version inheritance from remote parent (#12090)\n\nThe issue reported a null root artifact error when building projects\nthat inherit version from a remote parent POM. Investigation showed\nthe actual cause was uninterpolated repository expressions leaking\nthrough to the CollectRequest validator, which was already fixed by\ncommits 9332ad3d55 and cee3c33c74.\n\nAdd regression tests covering both single-project and multi-module\nbuilds with version inherited from a remote parent POM (different\ngroupId, empty relativePath).\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "cfcd638823f528cc0d3a1202a7491fc9f607e858", "tree": "dc50d5c057294a1e531e5f7579fd10d105b810a5", "parents": [ "4108a9835914e1fa45cfbf86ef53f34962844c68" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Tue May 19 15:32:47 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 19 15:32:47 2026 +0200" }, "message": "Fix #12074: prevent false parent cycle with shade plugin\u0027s dependency-reduced-pom.xml (#12078)\n\nIn readParentLocally(), the GA mismatch check ran after readAsParentModel()\nwhich recursively resolves the candidate\u0027s parent chain. When a generated POM\n(e.g., dependency-reduced-pom.xml) sits alongside the project POM and the\ndefault relative path resolves to the wrong POM, the recursive resolution\nadds the shared parent\u0027s model ID to the chain — triggering a false cycle.\n\nMove the GA check before the recursive call by reading only the file model\nfirst. This matches the behavior of the Maven 3 model builder which checked\nGA before recursing.\n\nCo-authored-by: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e" }, { "commit": "4108a9835914e1fa45cfbf86ef53f34962844c68", "tree": "f6f874c62e040cf77411c84449455e2b3dd16add", "parents": [ "498e0fd5d8385d4667021f45d5a8aa00c13c7a1c" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Tue May 19 15:32:36 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 19 15:32:36 2026 +0200" }, "message": "Fix #12075: skip expression validation for distributionManagement repository IDs (#12076)\n\nParent POM properties are not available during file model validation,\nso chained property references in distributionManagement repository\nIDs (e.g. ${distMgmtStagingId} -\u003e ${distMgmtReleasesId}) cannot be\nfully resolved at this stage. Skip the uninterpolated expression\ncheck for distributionManagement repositories, consistent with how\nprofile repositories are already handled.\n\nUninterpolated repositories are still caught by MavenValidator when\nthey are actually used by the resolver.\n\nCo-authored-by: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e" }, { "commit": "498e0fd5d8385d4667021f45d5a8aa00c13c7a1c", "tree": "108398c31cab0c86e537058b3145ff5fb2e3352f", "parents": [ "7bfc861e57bb0e0340d8f26f51e5d92e7a7feead" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Tue May 19 15:32:27 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 19 15:32:27 2026 +0200" }, "message": "fix: restore buildConfiguration() callback in deprecated build() methods (#11869)\n\nThe MNG-7947 refactoring changed the deprecated build(Reader, String) and\nbuild(InputStream, String) methods to delegate to the new\nbuild(ReaderSupplier/StreamSupplier, String) methods, which bypassed the\noverridable buildConfiguration() method. This broke subclasses (such as\nEnhancedPluginDescriptorBuilder in maven-plugin-tools) that override\nbuildConfiguration() to intercept the parsed configuration.\n\nRestore the buildConfiguration() callback in the legacy code path while\nstill supporting PLUGIN 2.0.0 namespace detection.\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "7bfc861e57bb0e0340d8f26f51e5d92e7a7feead", "tree": "18898b24a840ba254dd2821339533f9dada112d3", "parents": [ "698356845b271922606f118c379e435c3e2e2fcf" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Tue May 19 15:32:09 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 19 15:32:09 2026 +0200" }, "message": "fix: propagate addResource() to model Build for Maven 3 compat (#11868)\n\n* fix: propagate addResource() to model Build for Maven 3 compat\n\nWhen a Maven 3 plugin dynamically adds a resource via\nproject.addResource() or project.getResources().add(), the resource\nwas only added to the internal sources set but not to the model\u0027s\nBuild.resources. This caused project.getBuild().getResources() to be\nout of sync with project.getResources(), breaking plugins like\nmaven-source-plugin that access resources through the Build model.\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n* fix: sync Build.resources from sources set for Maven 3 compat\n\nAlso sync the model\u0027s Build.resources after project building so that\nproject.getBuild().getResources() is consistent with\nproject.getResources() even when resources are defined via \u003csources\u003e\n(Maven 4.1.0 model) rather than legacy \u003cresources\u003e.\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n* fix: only sync Build.resources for \u003csources\u003e projects\n\nAvoid syncing Build.resources for legacy projects to prevent\nPath.toString() from converting forward slashes to backslashes\non Windows (fixes PomConstructionTest.testTargetPathResourceRegression).\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n---------\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "698356845b271922606f118c379e435c3e2e2fcf", "tree": "b7399c2573a6a6150e144b983067bbaa6114f236", "parents": [ "9332ad3d55fd3d7f42032467c13a5ed37d9c9e8e" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue May 19 06:45:02 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 19 06:45:02 2026 +0200" }, "message": "Bump org.apache.maven.reporting:maven-reporting-exec from 2.0.0 to 2.0.1 (#12065)\n\nBumps [org.apache.maven.reporting:maven-reporting-exec](https://github.com/apache/maven-reporting-exec) from 2.0.0 to 2.0.1.\n- [Release notes](https://github.com/apache/maven-reporting-exec/releases)\n- [Commits](https://github.com/apache/maven-reporting-exec/compare/maven-reporting-exec-2.0.0...maven-reporting-exec-2.0.1)\n\n---\nupdated-dependencies:\n- dependency-name: org.apache.maven.reporting:maven-reporting-exec\n dependency-version: 2.0.1\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "9332ad3d55fd3d7f42032467c13a5ed37d9c9e8e", "tree": "934d79c516e4ff7c8ffc10e3a8bb83b551d55d17", "parents": [ "a05cab910143c8d0879b2d3265377ec2fb063d5e" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Mon May 18 07:49:42 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 18 07:49:42 2026 +0200" }, "message": "Filter transitive repositories with uninterpolated IDs (#12049) (#12050)\n\nThe existing filter in mergeRepositories already excluded transitive\nrepositories with uninterpolated URLs but did not check repository IDs.\nWhen a transitive dependency POM contained an expression like\n${eclipseP2RepoId} as a repository ID with a valid URL, it passed the\nfilter and later caused MavenValidator to throw IllegalArgumentException.\n\nCo-authored-by: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e" }, { "commit": "a05cab910143c8d0879b2d3265377ec2fb063d5e", "tree": "503559d751d52dc23745d2c1d4523b401bca02a6", "parents": [ "b5ed8ae6e5b9022709681dd70e854555bf427897" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sun May 17 10:06:15 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun May 17 10:06:15 2026 +0200" }, "message": "Bump slf4jVersion from 2.0.17 to 2.0.18 (#12056)\n\nBumps `slf4jVersion` from 2.0.17 to 2.0.18.\n\nUpdates `org.slf4j:slf4j-api` from 2.0.17 to 2.0.18\n\nUpdates `org.slf4j:slf4j-simple` from 2.0.17 to 2.0.18\n\nUpdates `org.slf4j:jcl-over-slf4j` from 2.0.17 to 2.0.18\n\nUpdates `org.slf4j:slf4j-jdk-platform-logging` from 2.0.17 to 2.0.18\n\n---\nupdated-dependencies:\n- dependency-name: org.slf4j:slf4j-api\n dependency-version: 2.0.18\n dependency-type: direct:development\n update-type: version-update:semver-patch\n- dependency-name: org.slf4j:slf4j-simple\n dependency-version: 2.0.18\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.slf4j:jcl-over-slf4j\n dependency-version: 2.0.18\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.slf4j:slf4j-jdk-platform-logging\n dependency-version: 2.0.18\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "b5ed8ae6e5b9022709681dd70e854555bf427897", "tree": "c32f12676b86f2ecdece6224fa2287d5dcf8a22d", "parents": [ "cee3c33c74a80263e227fb19c0a9ce1a2a9712f0" ], "author": { "name": "Slawomir Jaranowski", "email": "s.jaranowski@gmail.com", "time": "Wed Apr 29 23:12:31 2026 +0200" }, "committer": { "name": "Slawomir Jaranowski", "email": "s.jaranowski@gmail.com", "time": "Fri May 15 22:02:18 2026 +0200" }, "message": "Bump parent to 48 - cleanups\n" }, { "commit": "cee3c33c74a80263e227fb19c0a9ce1a2a9712f0", "tree": "546bc81ede46b6a39959f13bc5a10b74ac2b9b94", "parents": [ "8c36c76ae0718b276695e8252040cc553d2ee968" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu May 14 21:10:04 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 14 21:10:04 2026 +0200" }, "message": "Fix #11920: skip expression validation for profile repository URLs\n\nProfile properties are injected after raw model validation, so\nexpressions in profile repository URLs/IDs cannot be validated at\nthis stage. Skip the uninterpolated expression check for repositories\ninside profiles to allow deferred property interpolation.\n\nCo-authored-by: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e" }, { "commit": "8c36c76ae0718b276695e8252040cc553d2ee968", "tree": "e425773629ce5c0c4d7271c6ce4f23d78bbce6fb", "parents": [ "897494550953e37f68cca022cc0b8d7024fc2ebb" ], "author": { "name": "Guillaume Nodet", "email": "gnodet@gmail.com", "time": "Thu May 14 21:05:18 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 14 21:05:18 2026 +0200" }, "message": "Fix #12045: fix mvnup plugin upgrade strategy for inherited plugins from remote parent POMs\n\n* Fix #12045: warn when effective model analysis fails for inherited plugins\n\nChange the log level from debug to warning when effective model analysis\nfails in PluginUpgradeStrategy, so users are aware when plugins inherited\nfrom remote parent POMs cannot be detected for upgrade.\n\nCo-Authored-By: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e\n\n* Fix standalone session transport for effective model resolution\n\nRegister transporter factories via @Provides methods so they properly\nfeed into the DI Map\u003cString, TransporterFactory\u003e, fixing the standalone\nsession\u0027s ability to resolve remote parent POMs from Maven Central.\n\nThe previous approach of binding TransporterProvider directly was\noverridden by the @Provides method in RepositorySystemSupplier which\nreceived an empty factory map, leaving no HTTP transport available.\n\nCo-Authored-By: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e\n\n* Add test for inherited plugin detection from remote parent POM\n\nVerifies that the standalone session can resolve org.apache:apache:23\nfrom Maven Central and detect maven-enforcer-plugin:1.4.1 in the\nparent\u0027s pluginManagement as needing a Maven 4 compatibility upgrade.\n\nCo-Authored-By: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e\n\n---------\n\nCo-authored-by: Claude Opus 4.6 (1M context) \u003cnoreply@anthropic.com\u003e" }, { "commit": "897494550953e37f68cca022cc0b8d7024fc2ebb", "tree": "f8b5415ff96f938a0fc6576f8ce0d415154abe09", "parents": [ "22ca766fcf28b9fccbbd5716f604a326cf60cfd2" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu May 14 08:59:17 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 14 08:59:17 2026 +0200" }, "message": "Bump org.apache.maven:maven-parent from 47 to 48 (#12027)\n\nBumps [org.apache.maven:maven-parent](https://github.com/apache/maven-parent) from 47 to 48.\n- [Release notes](https://github.com/apache/maven-parent/releases)\n- [Commits](https://github.com/apache/maven-parent/commits)\n\n---\nupdated-dependencies:\n- dependency-name: org.apache.maven:maven-parent\n dependency-version: \u002748\u0027\n dependency-type: direct:production\n update-type: version-update:semver-major\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "22ca766fcf28b9fccbbd5716f604a326cf60cfd2", "tree": "5cf571019b2d5c1b6d29a313d3e0e84d6eae36c3", "parents": [ "606f9477e07bd0ea1cd2a7e324cb724e474f792e" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue May 12 06:31:24 2026 +0000" }, "committer": { "name": "Sylwester Lachiewicz", "email": "slachiewicz@apache.org", "time": "Thu May 14 07:21:16 2026 +0200" }, "message": "Bump org.codehaus.plexus:plexus-classworlds from 2.9.0 to 2.11.0\n\nBumps [org.codehaus.plexus:plexus-classworlds](https://github.com/codehaus-plexus/plexus-classworlds) from 2.9.0 to 2.11.0.\n- [Release notes](https://github.com/codehaus-plexus/plexus-classworlds/releases)\n- [Commits](https://github.com/codehaus-plexus/plexus-classworlds/compare/plexus-classworlds-2.9.0...plexus-classworlds-2.11.0)\n\n---\nupdated-dependencies:\n- dependency-name: org.codehaus.plexus:plexus-classworlds\n dependency-version: 2.11.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e" }, { "commit": "606f9477e07bd0ea1cd2a7e324cb724e474f792e", "tree": "6c5dfa4be844b400dfad6e49ac34d34fd9cbb817", "parents": [ "dd92d2c20c45f3d90799f0ba85534930be82346e" ], "author": { "name": "Slawomir Jaranowski", "email": "s.jaranowski@gmail.com", "time": "Mon May 11 18:53:52 2026 +0200" }, "committer": { "name": "Slawomir Jaranowski", "email": "s.jaranowski@gmail.com", "time": "Mon May 11 21:57:23 2026 +0200" }, "message": "Export scope package from resolver-api 2.x\n" }, { "commit": "dd92d2c20c45f3d90799f0ba85534930be82346e", "tree": "5d6df16b3ad675824273f23cd948ce45259e56fa", "parents": [ "9cedc78f3491085f2786c314298e375b05c04624" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sun May 10 17:08:37 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun May 10 17:08:37 2026 +0200" }, "message": "Bump com.github.siom79.japicmp:japicmp-maven-plugin (#12020)\n\nBumps [com.github.siom79.japicmp:japicmp-maven-plugin](https://github.com/siom79/japicmp) from 0.25.6 to 0.25.7.\n- [Release notes](https://github.com/siom79/japicmp/releases)\n- [Changelog](https://github.com/siom79/japicmp/blob/master/release.py)\n- [Commits](https://github.com/siom79/japicmp/compare/japicmp-base-0.25.6...japicmp-base-0.25.7)\n\n---\nupdated-dependencies:\n- dependency-name: com.github.siom79.japicmp:japicmp-maven-plugin\n dependency-version: 0.25.7\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "9cedc78f3491085f2786c314298e375b05c04624", "tree": "39d597f04fcbf03838ac3a148ec230257c7197ac", "parents": [ "229cfe56c2957eb57410bf3270631d97cd7b906b" ], "author": { "name": "Hervé Boutemy", "email": "hboutemy@apache.org", "time": "Tue May 05 19:50:57 2026 +0200" }, "committer": { "name": "Hervé Boutemy", "email": "herve.boutemy@free.fr", "time": "Tue May 05 22:35:36 2026 +0200" }, "message": "improve align in dependency graph\n" }, { "commit": "229cfe56c2957eb57410bf3270631d97cd7b906b", "tree": "8d8749365a8b29cd9f99263225c58d7612a27752", "parents": [ "d27af1a895d7d430fc2805a4b898a0ff64a1cb75" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu Apr 30 08:41:25 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 30 08:41:25 2026 +0200" }, "message": "Bump jlineVersion from 4.0.12 to 4.0.14 (#12001)\n\nBumps `jlineVersion` from 4.0.12 to 4.0.14.\n\nUpdates `org.jline:jline-reader` from 4.0.12 to 4.0.14\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.12...4.0.14)\n\nUpdates `org.jline:jline-style` from 4.0.12 to 4.0.14\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.12...4.0.14)\n\nUpdates `org.jline:jline-builtins` from 4.0.12 to 4.0.14\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.12...4.0.14)\n\nUpdates `org.jline:jline-console` from 4.0.12 to 4.0.14\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.12...4.0.14)\n\nUpdates `org.jline:jline-console-ui` from 4.0.12 to 4.0.14\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.12...4.0.14)\n\nUpdates `org.jline:jline-terminal` from 4.0.12 to 4.0.14\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.12...4.0.14)\n\nUpdates `org.jline:jline-terminal-ffm` from 4.0.12 to 4.0.14\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.12...4.0.14)\n\nUpdates `org.jline:jline-terminal-jni` from 4.0.12 to 4.0.14\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.12...4.0.14)\n\nUpdates `org.jline:jline-native` from 4.0.12 to 4.0.14\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.12...4.0.14)\n\nUpdates `org.jline:jansi-core` from 4.0.12 to 4.0.14\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.12...4.0.14)\n\n---\nupdated-dependencies:\n- dependency-name: org.jline:jline-reader\n dependency-version: 4.0.14\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-style\n dependency-version: 4.0.14\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-builtins\n dependency-version: 4.0.14\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-console\n dependency-version: 4.0.14\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-console-ui\n dependency-version: 4.0.14\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-terminal\n dependency-version: 4.0.14\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-terminal-ffm\n dependency-version: 4.0.14\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-terminal-jni\n dependency-version: 4.0.14\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-native\n dependency-version: 4.0.14\n dependency-type: direct:development\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jansi-core\n dependency-version: 4.0.14\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "d27af1a895d7d430fc2805a4b898a0ff64a1cb75", "tree": "c891beb4d16aa455461c06295f0f547087765e71", "parents": [ "1762cf66dedc34adeedba5c5529fac26e3461159" ], "author": { "name": "Slawomir Jaranowski", "email": "s.jaranowski@gmail.com", "time": "Tue Apr 28 16:52:18 2026 +0200" }, "committer": { "name": "Slawomir Jaranowski", "email": "s.jaranowski@gmail.com", "time": "Tue Apr 28 16:52:18 2026 +0200" }, "message": "Add dependabot ignore for JLine 4.x on 3.10.x\n" }, { "commit": "1762cf66dedc34adeedba5c5529fac26e3461159", "tree": "af3ad902b1aa2561fc07d8611953edbbf6f4bf04", "parents": [ "695abe00022da80c13ccac89fc23322b4d19a05e" ], "author": { "name": "Konrad Windszus", "email": "kwin@apache.org", "time": "Tue Apr 28 12:51:47 2026 +0200" }, "committer": { "name": "Konrad Windszus", "email": "konrad@windszus.net", "time": "Tue Apr 28 15:49:25 2026 +0200" }, "message": "Remove extracted Mac OS JLine binaries from Maven distro\n\nThis prevents issues with the quarantine flag otherwise preventing\nbinaries with that flag from being executed\n(https://www.cisa.gov/eviction-strategies-tool/info-attack/T1144).\nThe fallback automatically kicks in which loads the binary from the JAR\n(https://github.com/jline/jline3/blob/master/native/src/main/java/org/jline/nativ/JLineNativeLoader.java)\nwhich doesn\u0027t have the quarantine flag.\n\nThis closes #10747" }, { "commit": "695abe00022da80c13ccac89fc23322b4d19a05e", "tree": "e4c391db6d5c090cb3b09176dc8c45d32af1c1f3", "parents": [ "388337b32960c6fa5d6b0f9a3ef9948abb914ba2" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue Apr 28 09:58:46 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 28 09:58:46 2026 +0200" }, "message": "Bump net.sourceforge.pmd:pmd-core from 7.23.0 to 7.24.0 (#11988)\n\nBumps [net.sourceforge.pmd:pmd-core](https://github.com/pmd/pmd) from 7.23.0 to 7.24.0.\n- [Release notes](https://github.com/pmd/pmd/releases)\n- [Commits](https://github.com/pmd/pmd/compare/pmd_releases/7.23.0...pmd_releases/7.24.0)\n\n---\nupdated-dependencies:\n- dependency-name: net.sourceforge.pmd:pmd-core\n dependency-version: 7.24.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "388337b32960c6fa5d6b0f9a3ef9948abb914ba2", "tree": "884233d900944974532435f97bfe3438a763d79d", "parents": [ "a5558f892dff1d401e95a6e81a0cea4a950a6c96" ], "author": { "name": "Tamas Cservenak", "email": "tamas@cservenak.net", "time": "Sat Apr 25 19:49:14 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Apr 25 19:49:14 2026 +0200" }, "message": "Feat: collapse maven-executor and apply fixes (#11976)\n\nChanges:\n* collapse Maven Executor into single package\n* keepAlive is firgiving, but adjusted to Maven 3.10.x (rc-5 fails with 3.10.x)" }, { "commit": "a5558f892dff1d401e95a6e81a0cea4a950a6c96", "tree": "b80c17648adc06e56a3e4c40be71c00373725e0c", "parents": [ "d573d13ac3f294b91712c0b5493795adec35c874" ], "author": { "name": "Slawomir Jaranowski", "email": "s.jaranowski@gmail.com", "time": "Wed Apr 22 23:38:24 2026 +0200" }, "committer": { "name": "Slawomir Jaranowski", "email": "s.jaranowski@gmail.com", "time": "Wed Apr 22 23:38:24 2026 +0200" }, "message": "Maven 3.9.15 - update doap file\n" }, { "commit": "d573d13ac3f294b91712c0b5493795adec35c874", "tree": "808e13f1e38a4ec662dc8f7328e1a638ad13e0eb", "parents": [ "528a0f001a452401c228f6d2b04e661e969ceb19" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue Apr 21 06:12:52 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 21 06:12:52 2026 +0200" }, "message": "Bump com.github.siom79.japicmp:japicmp-maven-plugin (#11961)\n\nBumps [com.github.siom79.japicmp:japicmp-maven-plugin](https://github.com/siom79/japicmp) from 0.25.5 to 0.25.6.\n- [Release notes](https://github.com/siom79/japicmp/releases)\n- [Changelog](https://github.com/siom79/japicmp/blob/master/release.py)\n- [Commits](https://github.com/siom79/japicmp/compare/japicmp-base-0.25.5...japicmp-base-0.25.6)\n\n---\nupdated-dependencies:\n- dependency-name: com.github.siom79.japicmp:japicmp-maven-plugin\n dependency-version: 0.25.6\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "528a0f001a452401c228f6d2b04e661e969ceb19", "tree": "87da3b54d226501d1a9de3ca1499510eda6df21e", "parents": [ "868037111d091187f1913c12fee4fcda4771a52b" ], "author": { "name": "Slawomir Jaranowski", "email": "s.jaranowski@gmail.com", "time": "Wed Apr 15 23:53:56 2026 +0200" }, "committer": { "name": "Slawomir Jaranowski", "email": "s.jaranowski@gmail.com", "time": "Mon Apr 20 18:53:10 2026 +0200" }, "message": "Promote java version in JavaToolchain\n\nMany plugins using toolchains has requirements to detect java version selected by toolchains in runtime.\n\nExpose java version in JavaToolchain can simplify plugins code.\n" }, { "commit": "868037111d091187f1913c12fee4fcda4771a52b", "tree": "7c0d9f38d8ea0f6929930fba174da1e8ac1d6cf2", "parents": [ "6fdf4f4dcbb4fb83464ee80c2098b8d2d672a421" ], "author": { "name": "Tamas Cservenak", "email": "tamas@cservenak.net", "time": "Sun Apr 19 23:23:55 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Apr 19 23:23:55 2026 +0200" }, "message": "Update to Mimir 0.11.3 (#11960)" }, { "commit": "6fdf4f4dcbb4fb83464ee80c2098b8d2d672a421", "tree": "e1a715fd7a0411da87303846ec7948c89b2747a4", "parents": [ "78302702978300c3168787297224a50b53426f57" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sat Apr 18 12:45:32 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Apr 18 12:45:32 2026 +0200" }, "message": "Bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre (#11950)\n\nBumps [com.google.guava:guava](https://github.com/google/guava) from 33.5.0-jre to 33.6.0-jre.\n- [Release notes](https://github.com/google/guava/releases)\n- [Commits](https://github.com/google/guava/commits)\n\n---\nupdated-dependencies:\n- dependency-name: com.google.guava:guava\n dependency-version: 33.6.0-jre\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "78302702978300c3168787297224a50b53426f57", "tree": "17be1dc73836b4af9066a3b8be49fd4e83f3917d", "parents": [ "9285ab3a2290077e7b0bda34728f541ed15459c3" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue Apr 14 18:31:46 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 14 18:31:46 2026 +0200" }, "message": "Bump jlineVersion from 4.0.11 to 4.0.12 (#11940)\n\nBumps `jlineVersion` from 4.0.11 to 4.0.12.\n\nUpdates `org.jline:jline-reader` from 4.0.11 to 4.0.12\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.11...4.0.12)\n\nUpdates `org.jline:jline-style` from 4.0.11 to 4.0.12\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.11...4.0.12)\n\nUpdates `org.jline:jline-builtins` from 4.0.11 to 4.0.12\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.11...4.0.12)\n\nUpdates `org.jline:jline-console` from 4.0.11 to 4.0.12\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.11...4.0.12)\n\nUpdates `org.jline:jline-console-ui` from 4.0.11 to 4.0.12\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.11...4.0.12)\n\nUpdates `org.jline:jline-terminal` from 4.0.11 to 4.0.12\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.11...4.0.12)\n\nUpdates `org.jline:jline-terminal-ffm` from 4.0.11 to 4.0.12\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.11...4.0.12)\n\nUpdates `org.jline:jline-terminal-jni` from 4.0.11 to 4.0.12\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.11...4.0.12)\n\nUpdates `org.jline:jline-native` from 4.0.11 to 4.0.12\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.11...4.0.12)\n\nUpdates `org.jline:jansi-core` from 4.0.11 to 4.0.12\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.11...4.0.12)\n\n---\nupdated-dependencies:\n- dependency-name: org.jline:jline-reader\n dependency-version: 4.0.12\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-style\n dependency-version: 4.0.12\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-builtins\n dependency-version: 4.0.12\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-console\n dependency-version: 4.0.12\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-console-ui\n dependency-version: 4.0.12\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-terminal\n dependency-version: 4.0.12\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-terminal-ffm\n dependency-version: 4.0.12\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-terminal-jni\n dependency-version: 4.0.12\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-native\n dependency-version: 4.0.12\n dependency-type: direct:development\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jansi-core\n dependency-version: 4.0.12\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "9285ab3a2290077e7b0bda34728f541ed15459c3", "tree": "29d9092a08ea1be5af6f949415b0f5d050db11e2", "parents": [ "77e7dc636ddabf3b39983d6f8d3d318014bd9545" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue Apr 14 18:31:34 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 14 18:31:34 2026 +0200" }, "message": "Bump com.github.siom79.japicmp:japicmp-maven-plugin (#11941)\n\nBumps [com.github.siom79.japicmp:japicmp-maven-plugin](https://github.com/siom79/japicmp) from 0.25.4 to 0.25.5.\n- [Release notes](https://github.com/siom79/japicmp/releases)\n- [Changelog](https://github.com/siom79/japicmp/blob/master/release.py)\n- [Commits](https://github.com/siom79/japicmp/compare/japicmp-base-0.25.4...japicmp-base-0.25.5)\n\n---\nupdated-dependencies:\n- dependency-name: com.github.siom79.japicmp:japicmp-maven-plugin\n dependency-version: 0.25.5\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "77e7dc636ddabf3b39983d6f8d3d318014bd9545", "tree": "1dd7afc325675680aee155f6a6ba31bf5972b222", "parents": [ "2e18d8f42b4ae8c23ff4fd5be08916039f75807b" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue Apr 14 18:31:26 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 14 18:31:26 2026 +0200" }, "message": "Bump actions/cache from 5.0.4 to 5.0.5 (#11942)\n\nBumps [actions/cache](https://github.com/actions/cache) from 5.0.4 to 5.0.5.\n- [Release notes](https://github.com/actions/cache/releases)\n- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)\n- [Commits](https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae)\n\n---\nupdated-dependencies:\n- dependency-name: actions/cache\n dependency-version: 5.0.5\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "2e18d8f42b4ae8c23ff4fd5be08916039f75807b", "tree": "9b710ded991a93600621f06c2701752598e7bc6a", "parents": [ "b8636bd93a44d9ed9c52a7794c9a7cf9b7770abe" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Apr 13 05:20:27 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 05:20:27 2026 +0200" }, "message": "Bump jlineVersion from 4.0.10 to 4.0.11 (#11902)\n\nBumps `jlineVersion` from 4.0.10 to 4.0.11.\n\nUpdates `org.jline:jline-reader` from 4.0.10 to 4.0.11\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.10...4.0.11)\n\nUpdates `org.jline:jline-style` from 4.0.10 to 4.0.11\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.10...4.0.11)\n\nUpdates `org.jline:jline-builtins` from 4.0.10 to 4.0.11\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.10...4.0.11)\n\nUpdates `org.jline:jline-console` from 4.0.10 to 4.0.11\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.10...4.0.11)\n\nUpdates `org.jline:jline-console-ui` from 4.0.10 to 4.0.11\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.10...4.0.11)\n\nUpdates `org.jline:jline-terminal` from 4.0.10 to 4.0.11\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.10...4.0.11)\n\nUpdates `org.jline:jline-terminal-ffm` from 4.0.10 to 4.0.11\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.10...4.0.11)\n\nUpdates `org.jline:jline-terminal-jni` from 4.0.10 to 4.0.11\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.10...4.0.11)\n\nUpdates `org.jline:jline-native` from 4.0.10 to 4.0.11\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.10...4.0.11)\n\nUpdates `org.jline:jansi-core` from 4.0.10 to 4.0.11\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.10...4.0.11)\n\n---\nupdated-dependencies:\n- dependency-name: org.jline:jline-reader\n dependency-version: 4.0.11\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-style\n dependency-version: 4.0.11\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-builtins\n dependency-version: 4.0.11\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-console\n dependency-version: 4.0.11\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-console-ui\n dependency-version: 4.0.11\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-terminal\n dependency-version: 4.0.11\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-terminal-ffm\n dependency-version: 4.0.11\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-terminal-jni\n dependency-version: 4.0.11\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-native\n dependency-version: 4.0.11\n dependency-type: direct:development\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jansi-core\n dependency-version: 4.0.11\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "b8636bd93a44d9ed9c52a7794c9a7cf9b7770abe", "tree": "4813687380e6284acacf4bb853be5981f15e139e", "parents": [ "485fa0f0b9615bdb2458b24e5468b4978f52a93b" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Apr 13 05:20:17 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 05:20:17 2026 +0200" }, "message": "Bump eu.maveniverse.maven.plugins:bom-builder3 from 1.3.2 to 1.3.3 (#11912)\n\nBumps [eu.maveniverse.maven.plugins:bom-builder3](https://github.com/maveniverse/bom-builder-maven-plugin) from 1.3.2 to 1.3.3.\n- [Release notes](https://github.com/maveniverse/bom-builder-maven-plugin/releases)\n- [Commits](https://github.com/maveniverse/bom-builder-maven-plugin/compare/release-1.3.2...release-1.3.3)\n\n---\nupdated-dependencies:\n- dependency-name: eu.maveniverse.maven.plugins:bom-builder3\n dependency-version: 1.3.3\n dependency-type: direct:development\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "485fa0f0b9615bdb2458b24e5468b4978f52a93b", "tree": "df89fe7b9ba669d21ff8faee7c5802d8876595af", "parents": [ "459de765537854376dd499e931ab87e1d53f9c23" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Apr 13 05:19:33 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 05:19:33 2026 +0200" }, "message": "Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#11931)\n\nBumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1.\n- [Release notes](https://github.com/actions/upload-artifact/releases)\n- [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a)\n\n---\nupdated-dependencies:\n- dependency-name: actions/upload-artifact\n dependency-version: 7.0.1\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "459de765537854376dd499e931ab87e1d53f9c23", "tree": "96943058d2d92965c982daa4b242f3298af5c3c4", "parents": [ "b44e444fa10916db6467faf33be36b7d9fca31f7" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu Apr 02 10:47:32 2026 +0000" }, "committer": { "name": "Sylwester Lachiewicz", "email": "slachiewicz@apache.org", "time": "Sun Apr 05 12:24:31 2026 +0200" }, "message": "Bump org.codehaus.plexus:plexus-utils\n\nBumps [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils) from 3.3.0 to 4.0.3.\n- [Release notes](https://github.com/codehaus-plexus/plexus-utils/releases)\n- [Commits](https://github.com/codehaus-plexus/plexus-utils/compare/plexus-utils-3.3.0...plexus-utils-4.0.3)\n\n---\nupdated-dependencies:\n- dependency-name: org.codehaus.plexus:plexus-utils\n dependency-version: 4.0.3\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e" }, { "commit": "b44e444fa10916db6467faf33be36b7d9fca31f7", "tree": "db20d6165f7a370b8e2e42797c0fd824ead29b73", "parents": [ "ed79e943be8a7ddbee034220259b408567cd8245" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sat Apr 04 08:13:34 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Apr 04 08:13:34 2026 +0200" }, "message": "Bump jlineVersion from 4.0.9 to 4.0.10 (#11883)\n\nBumps `jlineVersion` from 4.0.9 to 4.0.10.\n\nUpdates `org.jline:jline-reader` from 4.0.9 to 4.0.10\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.9...4.0.10)\n\nUpdates `org.jline:jline-style` from 4.0.9 to 4.0.10\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.9...4.0.10)\n\nUpdates `org.jline:jline-builtins` from 4.0.9 to 4.0.10\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.9...4.0.10)\n\nUpdates `org.jline:jline-console` from 4.0.9 to 4.0.10\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.9...4.0.10)\n\nUpdates `org.jline:jline-console-ui` from 4.0.9 to 4.0.10\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.9...4.0.10)\n\nUpdates `org.jline:jline-terminal` from 4.0.9 to 4.0.10\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.9...4.0.10)\n\nUpdates `org.jline:jline-terminal-ffm` from 4.0.9 to 4.0.10\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.9...4.0.10)\n\nUpdates `org.jline:jline-terminal-jni` from 4.0.9 to 4.0.10\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.9...4.0.10)\n\nUpdates `org.jline:jline-native` from 4.0.9 to 4.0.10\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.9...4.0.10)\n\nUpdates `org.jline:jansi-core` from 4.0.9 to 4.0.10\n- [Release notes](https://github.com/jline/jline3/releases)\n- [Commits](https://github.com/jline/jline3/compare/4.0.9...4.0.10)\n\n---\nupdated-dependencies:\n- dependency-name: org.jline:jline-reader\n dependency-version: 4.0.10\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-style\n dependency-version: 4.0.10\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-builtins\n dependency-version: 4.0.10\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-console\n dependency-version: 4.0.10\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-console-ui\n dependency-version: 4.0.10\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-terminal\n dependency-version: 4.0.10\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-terminal-ffm\n dependency-version: 4.0.10\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-terminal-jni\n dependency-version: 4.0.10\n dependency-type: direct:production\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jline-native\n dependency-version: 4.0.10\n dependency-type: direct:development\n update-type: version-update:semver-patch\n- dependency-name: org.jline:jansi-core\n dependency-version: 4.0.10\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "ed79e943be8a7ddbee034220259b408567cd8245", "tree": "eb36b8736d0aaa7481abb8710084853f7d4770e6", "parents": [ "720a96bb2b5f66f7ff269c3540d1e07dd822b984" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Fri Apr 03 07:29:32 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 03 07:29:32 2026 +0200" }, "message": "Bump net.sourceforge.pmd:pmd-core from 7.22.0 to 7.23.0 (#11864)\n\nBumps [net.sourceforge.pmd:pmd-core](https://github.com/pmd/pmd) from 7.22.0 to 7.23.0.\n- [Release notes](https://github.com/pmd/pmd/releases)\n- [Commits](https://github.com/pmd/pmd/compare/pmd_releases/7.22.0...pmd_releases/7.23.0)\n\n---\nupdated-dependencies:\n- dependency-name: net.sourceforge.pmd:pmd-core\n dependency-version: 7.23.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "720a96bb2b5f66f7ff269c3540d1e07dd822b984", "tree": "1ba93f4399f9e6add1fecabedc4019d26fd3ba89", "parents": [ "f8561f67d3c6ba47ebb60b4f647212be6388e0d1" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu Apr 02 06:40:51 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 02 06:40:51 2026 +0200" }, "message": "Bump org.codehaus.plexus:plexus-utils from 4.0.2 to 4.0.3 (#11863)\n\nBumps [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils) from 4.0.2 to 4.0.3.\n- [Release notes](https://github.com/codehaus-plexus/plexus-utils/releases)\n- [Commits](https://github.com/codehaus-plexus/plexus-utils/compare/plexus-utils-4.0.2...plexus-utils-4.0.3)\n\n---\nupdated-dependencies:\n- dependency-name: org.codehaus.plexus:plexus-utils\n dependency-version: 4.0.3\n dependency-type: direct:development\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "f8561f67d3c6ba47ebb60b4f647212be6388e0d1", "tree": "9978cd5ef97b226c3749198315727e6615b511e6", "parents": [ "cccb63ab188c8a6bd709936deb0156439dcc73a2" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu Apr 02 06:38:45 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 02 06:38:45 2026 +0200" }, "message": "Bump org.codehaus.woodstox:stax2-api from 4.2.2 to 4.3.0 (#11870)\n\nBumps [org.codehaus.woodstox:stax2-api](https://github.com/FasterXML/stax2-api) from 4.2.2 to 4.3.0.\n- [Commits](https://github.com/FasterXML/stax2-api/compare/stax2-api-4.2.2...stax2-api-4.3.0)\n\n---\nupdated-dependencies:\n- dependency-name: org.codehaus.woodstox:stax2-api\n dependency-version: 4.3.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" } ], "next": "cccb63ab188c8a6bd709936deb0156439dcc73a2" }