feat(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
eclipse-temurin	final	patch	21.0.6_7-jdk → 21.0.10_7-jdk
maven (source)		patch	3.9.9 → 3.9.14
maven	final	patch	3.9.9-eclipse-temurin-21 → 3.9.14-eclipse-temurin-21
maven-wrapper (source)		patch	3.3.2 → 3.3.4
org.apache.maven.plugins:maven-gpg-plugin (source)	build	patch	3.2.7 → 3.2.8
com.puppycrawl.tools:checkstyle (source)	build	minor	10.21.4 → 10.26.1
net.alchim31.maven:scala-maven-plugin	build	patch	4.9.2 → 4.9.10
org.jacoco:jacoco-maven-plugin (source)	build	patch	0.8.12 → 0.8.14
org.codehaus.mojo:build-helper-maven-plugin (source)	build	patch	3.6.0 → 3.6.1
org.apache.maven.plugins:maven-surefire-plugin (source)	build	patch	3.5.2 → 3.5.5
org.apache.maven.plugins:maven-source-plugin (source)	build	minor	3.3.1 → 3.4.0
org.apache.maven.plugins:maven-resources-plugin (source)	build	minor	3.3.1 → 3.5.0
org.apache.maven.plugins:maven-javadoc-plugin (source)	build	minor	3.11.2 → 3.12.0
org.apache.maven.plugins:maven-pmd-plugin (source)	build	minor	3.26.0 → 3.28.0
org.apache.maven.plugins:maven-jar-plugin (source)	build	minor	3.4.2 → 3.5.0
org.apache.maven.plugins:maven-failsafe-plugin (source)	build	patch	3.5.2 → 3.5.5
org.apache.maven.plugins:maven-enforcer-plugin (source)	build	minor	3.5.0 → 3.6.2
org.apache.maven.plugins:maven-compiler-plugin (source)	build	minor	3.14.0 → 3.15.0
org.apache.maven.plugins:maven-assembly-plugin (source)	build	minor	3.7.1 → 3.8.0
io.fabric8:docker-maven-plugin	build	minor	0.45.1 → 0.48.1
org.apache.maven.plugins:maven-antrun-plugin (source)	build	minor	3.1.0 → 3.2.0
org.wiremock:wiremock (source)	test	minor	3.12.1 → 3.13.2
org.scalacheck:scalacheck_2.12 (source)	test	minor	1.18.1 → 1.19.0
org.scalatest:scalatest_2.12 (source)	test	patch	3.2.19 → 3.2.20
io.mockk:mockk-jvm (source)	test	minor	1.13.17 → 1.14.9
org.mockito:mockito-core	test	minor	5.16.1 → 5.23.0
org.junit:junit-bom (source)	import	minor	5.12.1 → 5.14.3
org.scala-lang:scala-compiler (source)	test	minor	2.12.20 → 2.13.18
ch.qos.logback:logback-core (source, changelog)	compile	patch	1.5.18 → 1.5.25
ch.qos.logback:logback-classic (source, changelog)	compile	patch	1.5.18 → 1.5.32
com.fasterxml.uuid:java-uuid-generator	compile	minor	5.1.0 → 5.2.0
org.jetbrains.kotlinx:kotlinx-coroutines-bom	import	patch	1.10.1 → 1.10.2
org.jetbrains.kotlin:kotlin-maven-plugin (source)	build	minor	2.1.10 → 2.3.20
org.jetbrains.kotlin:kotlin-bom (source)	import	minor	2.1.10 → 2.3.20
io.projectreactor:reactor-bom (source)	import	patch	2024.0.4 → 2024.0.16
io.netty:netty-bom (source)	import	minor	4.1.119.Final → 4.2.12.Final
io.micrometer:micrometer-registry-jmx	compile	minor	1.14.5 → 1.16.4
io.micrometer:micrometer-registry-graphite	compile	minor	1.14.5 → 1.16.4
io.micrometer:micrometer-registry-prometheus-simpleclient	compile	minor	1.14.5 → 1.16.4
io.micrometer:micrometer-core	compile	minor	1.14.5 → 1.16.4
com.fasterxml.jackson:jackson-bom	import	minor	2.18.3 → 2.21.2
com.google.guava:guava	compile	minor	33.4.0-jre → 33.5.0-jre
io.dropwizard.metrics:metrics-jmx (source)	compile	patch	4.2.30 → 4.2.38
io.dropwizard.metrics:metrics-healthchecks (source)	compile	patch	4.2.30 → 4.2.38
io.dropwizard.metrics:metrics-graphite (source)	compile	patch	4.2.30 → 4.2.38
io.dropwizard.metrics:metrics-json (source)	compile	patch	4.2.30 → 4.2.38
io.dropwizard.metrics:metrics-jvm (source)	compile	patch	4.2.30 → 4.2.38
io.dropwizard.metrics:metrics-core (source)	compile	patch	4.2.30 → 4.2.38
net.bytebuddy:byte-buddy-parent	import	minor	1.17.2 → 1.18.7-jdk5
org.bouncycastle:bcpkix-jdk18on (source)	compile	minor	1.80 → 1.83
org.jetbrains:annotations	compile	minor	26.0.2 → 26.1.0

GitHub Vulnerability Alerts

CVE-2025-11226

QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment variable before program execution.

A successful attack requires the Janino library and Spring Framework to be present on the user's class path. Additionally, the attacker must have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privileges.

CVE-2026-1225

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file.

The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must have write access to a configuration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado.

---

Release Notes

apache/maven (maven)

v3.9.14

Compare Source

v3.9.13

Compare Source

v3.9.12: 3.9.12

Compare Source

🚀 New features and improvements

• [3.9.x] Apply resolver changes and improvements (#​11536) @​cstamas
• Update formatting of prerequisites-requirements error to improve readability (#​11523) @​slawekjaranowski
• Allow a Maven plugin to require a Java version (#​11479) @​slawekjaranowski
• Use MavenRepositorySystem in ProjectBuildingHelper instead of deprecated RepositorySystem (#​11358) @​slawekjaranowski
• Make maven.config use UTF8 (#​11264) @​cstamas
• Simplify prefix resolution (#​11197) @​slawekjaranowski

🐛 Bug Fixes

• Add default implementation for new method in MavenPluginManager (#​11522) @​slawekjaranowski
• Repository layout should be used in MavenRepositorySystem (#​11495) @​slawekjaranowski
• Fix plugin prefix resolution when metadata is not available from repository (#​11290) @​slawekjaranowski
• Improve source root modification warning message (#​11105) @​gnodet
• Bug: bad cache isolation between two sessions (#​11082) @​cstamas
• Set Guice class loading to CHILD - avoid using terminally deprecated methods (#​11003) @​slawekjaranowski
• Avoid parsing MAVEN_OPTS (3.9.x) (#​10969) @​BobVul

📝 Documentation updates

• clarify repository vs deployment repository (#​11492) @​hboutemy
• add maintained branches (#​11448) @​hboutemy

👻 Maintenance

• Add IntelliJ icon (#​11408) @​Bukama
• Build by JDK 25 (#​11187) @​slawekjaranowski
• Deprecate org.apache.maven.repository.RepositorySystem in 3.9.x (#​11096) @​slawekjaranowski

🔧 Build

• Bump actions/download-artifact from 5.0.0 to 6.0.0 (#​11335) @​dependabot[bot]
• Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#​11336) @​dependabot[bot]

📦 Dependency updates

• Bump actions/cache from 4.3.0 to 5.0.0 (#​11542) @​dependabot[bot]
• Bump resolverVersion from 1.9.24 to 1.9.25 (#​11533) @​dependabot[bot]
• Bump actions/checkout from 6.0.0 to 6.0.1 (#​11512) @​dependabot[bot]
• Bump actions/setup-java from 5.0.0 to 5.1.0 (#​11519) @​dependabot[bot]
• Bump actions/checkout from 5.0.1 to 6.0.0 (#​11476) @​dependabot[bot]
• Bump actions/checkout from 5.0.0 to 5.0.1 (#​11458) @​dependabot[bot]
• Bump commons-cli:commons-cli from 1.10.0 to 1.11.0 (#​11438) @​dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#​11416) @​dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#​11417) @​dependabot[bot]
• Bump xmlunitVersion from 2.10.4 to 2.11.0 (#​11331) @​dependabot[bot]
• Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.24 to 1.26 (#​11231) @​dependabot[bot]
• Bump org.ow2.asm:asm from 9.8 to 9.9 (#​11203) @​dependabot[bot]
• Bump actions/cache from 4.2.4 to 4.3.0 (#​11172) @​dependabot[bot]
• Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre (#​11143) @​dependabot[bot]
• Bump xmlunitVersion from 2.10.3 to 2.10.4 (#​11121) @​dependabot[bot]
• Bump actions/cache from 4.2.3 to 4.2.4 (#​11032) @​dependabot[bot]
• Bump commons-cli:commons-cli from 1.9.0 to 1.10.0 (#​11018) @​dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#​10966) @​dependabot[bot]

v3.9.11: 3.9.11

Compare Source

🚀 New features and improvements

• Augment version range resolution used repositories (#​2574) @​cstamas

🐛 Bug Fixes

• Deduplicate filtered dependency graph (#​2489) @​alzimmermsft
• Move ensure in boundaries of project lock (#​2470) @​cstamas

👻 Maintenance

• [MNGSITE-393] - remove references to Maven 2 (#​2438) @​elharo
• Update CONTRIBUTING after GitHub issues enabled (#​2449) @​slawekjaranowski
• Enable Github Issues (3.9.x) (#​2414) @​Bukama
• [MNG-8763] - Remove name from site bannerLeft (#​2419) @​slawekjaranowski

🔧 Build

• Pin GitHub action versions by hash (#​10898) @​slawekjaranowski
• Build the project by JDK 21 as default (#​10896) @​slawekjaranowski
• Use Maven 3.9.10 for build on GitHub (#​2452) @​slawekjaranowski

📦 Dependency updates

• Bump resolverVersion from 1.9.23 to 1.9.24 (#​2540) @​dependabot[bot]
• Bump xmlunitVersion from 2.10.2 to 2.10.3 (#​2500) @​dependabot[bot]
• Bump org.apache.maven:maven-parent from 44 to 45 (#​2491) @​dependabot[bot]
• Bump org.codehaus.mojo:build-helper-maven-plugin from 3.6.0 to 3.6.1 (#​2432) @​dependabot[bot]

v3.9.10: 3.9.10

Compare Source

Release Notes - Maven - Version 3.9.10

Bug

• [MNG-8096] - Inconsistent dependency resolution behaviour for concurrent multi-module build can cause failures
• [MNG-8169] - MINGW support requires --add-opens java.base/java.lang=ALL-UNNAMED
• [MNG-8170] - Maven 3.9.8 contains weird native library for Jansi on Windows/arm64
• [MNG-8211] - Maven should fail builds that use CI Friendly versions but have no values set
• [MNG-8248] - WARNING: A restricted method in java.lang.System has been called
• [MNG-8256] - ProjectDependencyGraph bug: in case of filtering, non-direct module links are lost
• [MNG-8315] - Failure of mvn.cmd if a .mvn directory is located at drive root
• [MNG-8396] - Maven takes forever to resume
• [MNG-8711] - "Duplicate artifact" in LifecycleDependencyResolver

Improvement

• [MNG-8370] - Introduce maven.repo.local.head
• [MNG-8399] - JDK 24+ issues warning about usage of sun.misc.Unsafe
• [MNG-8707] - Add methods to remove compile and test source roots
• [MNG-8712] - improve dependency version explanation: it&#​39;s a requirement, not always effective version
• [MNG-8717] - Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding
• [MNG-8722] - Use a single standalone version of asm
• [MNG-8731] - Use https for xsi:schemaLocation in generated descriptors
• [MNG-8734] - Simplify scripting like "get project version" cases

Task

• [MNG-8728] - Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 and use Java 24 on CI

Dependency upgrade

• [MNG-8289] - Update Plexus annotations to 2.2.0
• [MNG-8443] - Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre
• [MNG-8531] - Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0
• [MNG-8532] - Bump commons-io:commons-io from 2.16.1 to 2.18.0
• [MNG-8534] - Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1
• [MNG-8635] - Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3
• [MNG-8636] - Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre
• [MNG-8640] - Bump org.apache.maven:maven-parent from 43 to 44
• [MNG-8661] - Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre
• [MNG-8701] - Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28
• [MNG-8702] - Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0
• [MNG-8703] - Bump commons-io:commons-io from 2.18.0 to 2.19.0
• [MNG-8704] - Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre
• [MNG-8705] - Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0
• [MNG-8706] - Bump commons-cli:commons-cli from 1.8.0 to 1.9.0
• [MNG-8715] - Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2
• [MNG-8716] - Bump resolver to 1.9.23
• [MNG-8745] - Bump xmlunitVersion from 2.10.0 to 2.10.2

What's Changed

• [MNG-8211] Fail the build if CI Friendly revision used without value by @​cstamhttps://github.com/apache/maven/pull/1656l/1656
• Add missing since by @​cstamhttps://github.com/apache/maven/pull/1682l/1682
• [MNG-8256] FilteredProjectDependencyGraph fix for non-transitive case by @​cstamhttps://github.com/apache/maven/pull/1724l/1724
• [MNG-8315] Failure of mvn.cmd if a .mvn folder is located at drive root by @​fmarhttps://github.com/apache/maven/pull/1806l/1806
• [MNG-8289] Update Plexus Annotations to 2.2.0 by @​dependabhttps://github.com/apache/maven/pull/1666l/1666
• [MNG-8370] Add maven.repo.local.head by @​slawekjaranowshttps://github.com/apache/maven/pull/1915l/1915
• [MNG-8443] Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre by @​dependabhttps://github.com/apache/maven/pull/1991l/1991
• [MNG-8531] Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 by @​dependabhttps://github.com/apache/maven/pull/2013l/2013
• [MNG-8532] Bump commons-io:commons-io from 2.16.1 to 2.18.0 by @​dependabhttps://github.com/apache/maven/pull/1926l/1926
• [MNG-8534] Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1 by @​dependabhttps://github.com/apache/maven/pull/1699l/1699
• Add PR Automation action by @​slawekjaranowshttps://github.com/apache/maven/pull/2113l/2113
• Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3 by @​dependabhttps://github.com/apache/maven/pull/2167l/2167
• Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre by @​dependabhttps://github.com/apache/maven/pull/2168l/2168
• [MNG-8640] Bump org.apache.maven:maven-parent from 43 to 44 by @​dependabhttps://github.com/apache/maven/pull/2163l/2163
• Use Maven 3.9.9 for build maven-3.9.x branch by @​slawekjaranowshttps://github.com/apache/maven/pull/2177l/2177
• [MNG-8248] Add enable-native-access to startup scripts by @​slawekjaranowshttps://github.com/apache/maven/pull/2171l/2171
• [MNG-8661] Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre by @​dependabhttps://github.com/apache/maven/pull/2185l/2185
• Use dedicated local repo for ITs on Jenkins by @​slawekjaranowshttps://github.com/apache/maven/pull/2255l/2255
• [MNG-8701] Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 by @​dependabhttps://github.com/apache/maven/pull/2240l/2240
• [MNG-8702] Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0 by @​dependabhttps://github.com/apache/maven/pull/2241l/2241
• [MNG-8703] Bump commons-io:commons-io from 2.18.0 to 2.19.0 by @​dependabhttps://github.com/apache/maven/pull/2258l/2258
• [MNG-8704] Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre by @​dependabhttps://github.com/apache/maven/pull/2264l/2264
• [MNG-8705] Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0 by @​dependabhttps://github.com/apache/maven/pull/2270l/2270
• [MNG-8706] Bump commons-cli:commons-cli from 1.8.0 to 1.9.0 by @​dependabhttps://github.com/apache/maven/pull/1665l/1665
• [MNG-8715] Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 by @​dependabhttps://github.com/apache/maven/pull/2280l/2280
• [MNG-8707] Add methods to remove compile and test source roots by @​gnodhttps://github.com/apache/maven/pull/2275l/2275
• [MNG-8712] dependency version is a requirement, not effective by @​hboutehttps://github.com/apache/maven/pull/2279l/2279
• [MNG-8717] Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding by @​slawekjaranowshttps://github.com/apache/maven/pull/2295l/2295
• [MNG-8169] Add opens java.base/java.lang=ALL-UNNAMED for MinGW by @​slawekjaranowshttps://github.com/apache/maven/pull/2296l/2296
• [MNG-8722] Use a single standalone version of asm by @​slawekjaranowshttps://github.com/apache/maven/pull/2297l/2297
• [MNG-8716] Bump resolver to 1.9.23 by @​slawekjaranowshttps://github.com/apache/maven/pull/2282l/2282
• [MNG-8731] Use https for xsi:schemaLocation in generated descriptors by @​slawekjaranowshttps://github.com/apache/maven/pull/2343l/2343
• [MNG-8711] Fix concurrent cache access by @​slawekjaranowshttps://github.com/apache/maven/pull/2345l/2345
• Update README.md by @​slawekjaranowshttps://github.com/apache/maven/pull/2353l/2353
• [MNG-8728] Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 by @​cstamhttps://github.com/apache/maven/pull/2359l/2359
• [MNG-8728] Build ITs on JDK 21, 24 by @​slawekjaranowshttps://github.com/apache/maven/pull/2360l/2360
• [MNG-8734] Make Maven 3.9.10 ignore --raw-streams option by @​cstamhttps://github.com/apache/maven/pull/2361l/2361
• Bump xmlunitVersion from 2.10.0 to 2.10.1 by @​dependabhttps://github.com/apache/maven/pull/2354l/2354
• [MNG-8396] Backport: add cache layer to the filtered dep graph by @​cstamhttps://github.com/apache/maven/pull/2393l/2393
• [MNG-8745] Bump xmlunitVersion from 2.10.1 to 2.10.2 by @​dependabhttps://github.com/apache/maven/pull/2389l/2389

New Contributors

• @​fmarot made their first contributihttps://github.com/apache/maven/pull/1806l/1806

Full Changelog: apache/maven@maven-3.9.9...maven-3.9.10

apache/maven-wrapper (maven-wrapper)

v3.3.4: 3.3.4

Compare Source

🐛 Bug Fixes

• Revert wrapper version removal (#​365) @​breun

👻 Maintenance

• Ensure Path Traversal is fully addressed in MavenWrapperDownloader (#​363) @​hazendaz

v3.3.3: 3.3.3

Compare Source

💥 Breaking changes

• Remove wrapper lifecycle (#​357) @​slawekjaranowski

🚀 New features and improvements

• Fix Maven wrapper support for snapshot distributions (#​335) @​gnodet

🐛 Bug Fixes

• [MWRAPPER-143] - The wrapperVersion property is not used in only-script mode (#​145) @​bdemers
• fix: Maven wrapper relative distributionUrl does not work (fixes #​272) (#​107) @​danishcake
• Fix Windows Junction Link support in mvnw.cmd (#​143) @​fp024
• [MWRAPPER-158] - Remove incorrect license header (#​166) @​lbruun
• [MWRAPPER-161] - Improve script directory detection when using sh mvnw (#​329) @​ppkarwasz
• [MWRAPPER-162] - Removed dead link was getting 404 (#​167) @​montu376
• [MWRAPPER-159] - Fix shellcheck in mvnw (#​168) @​slawekjaranowski
• [MWRAPPER-146] - Bad substitution on Windows if MVNW_REPOURL is set on script-only (#​151) @​jahk04
• [MWRAPPER-147] - mvnw.cmd fails to launch maven if username contains space (#​152) @​sebthom
• [MWRAPPER-150] - Fails to validate checksums on MacOS Sequoia (#​155) @​jon-signal
• [MWRAPPER-111] - Trim whitespace when reading from properties file (#​158) @​mhalbritter
• [MWRAPPER-153] - Fixed only-mvnw.cmd fails when FIPS mode is enabled on Windows hosts (#​157) @​zbalkan

📝 Documentation updates

• Clarify usage of MAVEN_USER_HOME (#​359) @​slawekjaranowski
• site is now /tools/wrapper (#​336) @​hboutemy

👻 Maintenance

• Use invoker version from parent (#​356) @​slawekjaranowski
• Refresh download page (#​354) @​slawekjaranowski
• Update site descriptor to 2.0.0 (#​351) @​slawekjaranowski
• Enable prevent branch protection rules (#​348) @​slawekjaranowski
• Copy edit docs (#​344) @​elharo
• Prefer @​Inject (#​343) @​elharo
• Bump shellcheck to 0.10.0 (#​333) @​slachiewicz
• Enable GitHub Issues (#​169) @​slawekjaranowski
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#​163) @​Bukama

📦 Dependency updates

• Bump mavenVersion from 3.9.6 to 3.9.11 (#​360) @​dependabot[bot]
• Bump exec-maven-plugin to 3.5.1 in ITs (#​355) @​slawekjaranowski
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#​350) @​dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#​349) @​dependabot[bot]
• Bump actions/checkout from 4 to 5 (#​347) @​dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#​339) @​dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#​164) @​dependabot[bot]
• Bump org.apache.maven.resolver:maven-resolver-api from 1.9.20 to 1.9.24 (#​334) @​dependabot[bot]
• Bump org.codehaus.plexus:plexus-io from 3.4.2 to 3.5.1 (#​153) @​dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#​147) @​dependabot[bot]
• Upgrade to parent pom 45 (#​332) @​slachiewicz
• [MWRAPPER-154] - Bump commons-io:commons-io from 2.16.1 to 2.18.0 (#​161) @​dependabot[bot]
• Bump org.hamcrest:hamcrest from 2.2 to 3.0 (#​149) @​dependabot[bot]

checkstyle/checkstyle (com.puppycrawl.tools:checkstyle)

v10.26.1

Checkstyle 10.26.1 - https://checkstyle.org/releasenotes.html#Release_10.26.1

Bug fixes:

#​17250 - NewlineAtEndOfFileCheck and empty files (size 0)

Other Changes:

Preparation for Migration of Checkstyle Codebase to Java 17
Add data to javadoc of Check to indicate true version of module properties inherited from the abstract parent class

v10.26.0

Checkstyle 10.26.0 - https://checkstyle.org/releasenotes.html#Release_10.26.0

New:

#​14949 - Add Check Support for Java 21 Record Pattern : New Check PatternVar

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box