Bump the dependencies group across 1 directory with 11 updates

[dependabot]

Bumps the dependencies group with 11 updates in the / directory:

Package	From	To
software.amazon.awssdk:secretsmanager	2.29.6	2.39.6
com.github.spotbugs:spotbugs-annotations	4.8.6	4.9.8
org.apache.maven.plugins:maven-compiler-plugin	3.13.0	3.14.1
org.apache.maven.plugins:maven-source-plugin	3.3.1	3.4.0
org.apache.maven.plugins:maven-javadoc-plugin	3.11.1	3.12.0
com.github.spotbugs:spotbugs-maven-plugin	4.8.6.5	4.9.8.2
org.jacoco:jacoco-maven-plugin	0.8.12	0.8.14
org.apache.maven.plugins:maven-dependency-plugin	3.8.1	3.9.0
org.apache.maven.plugins:maven-surefire-plugin	3.5.2	3.5.4
org.apache.maven.plugins:maven-gpg-plugin	3.2.7	3.2.8
org.sonatype.central:central-publishing-maven-plugin	0.7.0	0.9.0

Updates software.amazon.awssdk:secretsmanager from 2.29.6 to 2.39.6

Updates com.github.spotbugs:spotbugs-annotations from 4.8.6 to 4.9.8

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

4.9.8

SpotBugs 4.9.8

CHANGELOG

Fixed

• Maven plugin reporting issue if -adjustPriority is not set (#3774)

CHECKSUM

file	checksum (sha256)
spotbugs-4.9.8-javadoc.jar	06fb742e3170087983c5855d7d8d846d7cdab9badfdf4b3564b424deb1dc0b28
spotbugs-4.9.8-sources.jar	cbee8358dd239e81fdcf37c32d1e6bedf148d25638b0c8d1b687d97c3061ecd9
spotbugs-4.9.8.tgz	2eb8e0f2b223c22ffa2ce0c1cf1be4127dde19d240b8f7ce69a5fd3ad5c36ff3
spotbugs-4.9.8.zip	e13d476403cf69074f415e35ebcc2f865f7a1ea444c1e659516bc0260e74dfa5
spotbugs-annotations-4.9.8-javadoc.jar	aecf15bb27a4d067e9b5a1c85b5d3aeefc5026a66e93040995804662e285d679
spotbugs-annotations-4.9.8-sources.jar	075b2eed660c2fe2fb1ad1de028f8fdff5f358e25c1318706b95ab17bb28be44
spotbugs-annotations.jar	6f69d6fe9c55a54dcb30e87d8fa2d5f52246af50d7a3445246d9539ef221be1c
spotbugs-ant-4.9.8-javadoc.jar	025b2fb90e089dab1875068397736003bbf9e66bcac287ecb9e512dd0d387748
spotbugs-ant-4.9.8-sources.jar	91477d93b1fd1bebae35d318427b5238fb458e726478dc1a8ac41ce74838a1e6
spotbugs-ant.jar	22f2fa397e86663adcd4828cc1c91e63aa6cc2bfc56832885b749a86fac5c784
spotbugs.jar	4469bc080afe7cd2290a20bf63e28392b80abcc7c7ace33c8f55da52a17c7ca5
test-harness-4.9.8-javadoc.jar	81677f77441af941613c99a4f04b3cb2f6b1950be589afdec03905d8e2917824
test-harness-4.9.8-sources.jar	805d2d124b0d4ea513ee9262d4ad6027c3471d45defd80fd7d20e23425d17df7
test-harness-4.9.8.jar	0076a3bc9602c78d73edb048e625a96ee6a182fa3dd39300aa739af67b954189
test-harness-core-4.9.8-javadoc.jar	e3e64a5fd96be16eec8b832e87da703e5eae910b3abd7bda9ff81a10363e5c7f
test-harness-core-4.9.8-sources.jar	043a55d99a517c0d9cf702b0c183b4afd3f03af9eff4a86d59bb37df1b35b532
test-harness-core-4.9.8.jar	4e439df3b499660d91a659d7c523fcdc4945c932dfc7fee68e796193f9dff6bb
test-harness-jupiter-4.9.8-javadoc.jar	ae8ddee06796757be0526af1adf5969fbc149c0cf83542e6641405e69a044496
test-harness-jupiter-4.9.8-sources.jar	17144f315686bfd01c02fa4ae7c916060c41de8eed58d5b8470416fa08f46ced
test-harness-jupiter-4.9.8.jar	9e1bc39da08c6c80091f34f1fd92ec092109d0cdfd8009910bc22772df06eea7

4.9.7

SpotBugs 4.9.7

CHANGELOG

Fixed

• Fix Eclipse not always using latest preferences file state (#3740)
• Fix exception throw when singleton implementing Cloneable has no clone() method (#3727)
• Fix for missing -adjustPriority parameter in Eclipse preferences (#3687)
• Documentation of -adjustPriority parameter
• Functionality from DetectorFactory setEnabledButNonReporting(), getPriorityAdjustment() methods and BugInstance.adjustForDetector() is deprecated and moved to PriorityAdjuster (#3753)
• Improved FindNakedNotify to handle the case when the lock is loaded from a field (#3634)

Changed

• Support for fully qualified class names for detectors in -adjustPriority parameter
• Support for numerical and absolute priority adjustments
• Bump up Apache Commons BCEL to the version 6.11.0 (#3569)

Deprecated

• Add back and deprecate edu.umd.cs.findbugs.io.IO.close(InputStream) method. (#3756)

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.9.8 - 2025-10-18

Fixed

• Maven plugin reporting issue if -adjustPriority is not set (#3774)

4.9.7 - 2025-10-14

Fixed

• Fix Eclipse not always using latest preferences file state (#3740)
• Fix exception throw when singleton implementing Cloneable has no clone() method (#3727)
• Fix for missing -adjustPriority parameter in Eclipse preferences (#3687)
• Documentation of -adjustPriority parameter
• Functionality from DetectorFactory setEnabledButNonReporting(), getPriorityAdjustment() methods and BugInstance.adjustForDetector() is deprecated and moved to PriorityAdjuster (#3753)
• Improved FindNakedNotify to handle the case when the lock is loaded from a field (#3634)

Changed

• Support for fully qualified class names for detectors in -adjustPriority parameter
• Support for numerical and absolute priority adjustments
• Bump up Apache Commons BCEL to the version 6.11.0 (#3569)

Deprecated

• Add back and deprecate edu.umd.cs.findbugs.io.IO.close(InputStream) method. (#3756)

Build

• Allow our GA builds to work with JDK 25 (and drop support for JDK 24) (#3564)

4.9.6 - 2025-09-16

Fixed

• Fix exception throw when analyzing jakarta.servlet.http.HttpServletRequest method calls (#3711)

4.9.5 - 2025-09-14

Fixed

• Fix for an error when a record method has the @SuppressFBWarnings annotation (#3622)
• Fix SF_SWITCH_FALLTHROUGH false positive when continuing a loop (#3617)
• CWO_CLOSED_WITHOUT_OPENED false positive (#3616)
• SF_SWITCH_NO_DEFAULT false positive fix for switch-arrow (#3645)
• Fix the issue with BCEL logging Duplicating value: ... (#3621)
• Add missing jakarta support for servlets / pre/post destroy (#3694)

Added

• Add 'java.nio.file.Path.of' to known types for path traversal checks (#3699)

Cleanup

• S1481: Unused local variables should be removed (#3654)
• Moved test libraries to jakarta namespace including switching off jsr305 where possible for jakarta.annotation (#3695)

4.9.4 - 2025-08-07

Changed

• AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
• Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#3354).
• Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#3485)

... (truncated)

Commits

• c1fa7f2 release v4.9.8
• 023f8dd fix(deps): update dependency org.apache.groovy:groovy-all to v5.0.2 (#3782)
• 423f1d1 Unconditional while loops no raising IL_INFINITE_LOOP (#3537)
• 9125bee Fix priority adjustment code
• 183da6c fix(deps): update dependency org.springframework:spring-core to v6.2.12 (#3779)
• a499f2e chore(deps): update dependency com.diffplug.gradle:goomph to v4.4.1 (#3776)
• b339bc1 Unconditionally initialize PriorityAdjuster for AbstractBugReporter
• 96891fe chore(deps): update plugin com.github.spotbugs to v6.4.3 (#3773)
• a3667d7 chore(docs): Updated supported versions
• 333a96a prepare for next release
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.13.0 to 3.14.1

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.14.1

🚀 New features and improvements

• Improve DeltaList behavior for large projects (#335) @​gsmet
• Allow to not use --module-version for the Java compiler (#331) @​pzygielo

🐛 Bug Fixes

• Add generatedSourcesPath back to the maven project (#312) @​mensinda
• [MCOMPILER-538] - Do not add target/generated-sources/annotations to the source roots (#191) @​mensinda

📦 Dependency updates

• Enforce asm version used here, to not depend on brittle transitive (#964) @​olamy
• Bump mavenVersion from 3.9.10 to 3.9.11 (#952) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 44 to 45 (#935) @dependabot[bot]
• Bump mavenVersion from 3.9.9 to 3.9.10 (#336) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#324) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 43 to 44 (#316) @dependabot[bot]

3.14.0

🚀 New features and improvements

• Enable GitHub Issues (#305) @​slawekjaranowski
• [MCOMPILER-579] - allow module-version configuration (#273) @​mguillem
• Bump org.codehaus.plexus:plexus-java from 1.2.0 to 1.4.0 - JDK 24 support (#293) @dependabot[bot]
• Update release-drafter configuration, PR automation (#281) @​slawekjaranowski
• [MCOMPILER-588] - JUnit4 test framework to JUnit5 migration (#236) @​MidNight-er

🐛 Bug Fixes

• Fix release-drafter config (#292) @​slawekjaranowski
• [MCOMPILER-591] - testCompile - fix detections of target less than 1.9 (#240) @​slawekjaranowski

📦 Dependency updates

• Bump org.codehaus.plexus:plexus-java from 1.2.0 to 1.4.0 - JDK 24 support (#293) @dependabot[bot]
• Bump mavenVersion from 3.6.3 to 3.9.9 (#283) @dependabot[bot]
• Bump org.mockito:mockito-core from 4.8.0 to 4.11.0 (#288) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 42 to 43 (#285) @dependabot[bot]
• [MCOMPILER-590] - Bump org.apache.maven.plugins:maven-plugins from 41 to 42 (#235) @dependabot[bot]

👻 Maintenance

• Update scm tag according to branch (#303) @​slawekjaranowski
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#300) @​Bukama
• Use JUnit version from parent (#299) @​slawekjaranowski
• [MCOMPILER-529] - Update docs about version schema (Maven 3) (#295) @​Bukama

... (truncated)

Commits

• 0df6940 [maven-release-plugin] prepare release maven-compiler-plugin-3.14.1
• 1bf9e5a Enforce asm version used here, to not depend on brittle transitive (#964)
• f5161c4 Bump mavenVersion from 3.9.10 to 3.9.11 (#952)
• 63846f1 Improve DeltaList behavior for large projects (#335)
• ab3f845 Bump org.apache.maven.plugins:maven-plugins from 44 to 45
• 164bad4 Allow to not use --module-version for the Java compiler
• 0b76ccd Bump mavenVersion from 3.9.9 to 3.9.10
• 5dbc9c3 Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0
• 17949d1 Bump org.apache.maven.plugins:maven-plugins from 43 to 44 (#316)
• d44d1be Add generatedSourcesPath back to the maven project
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-source-plugin's releases.

3.4.0

🐛 Bug Fixes

• [MSOURCES-140] - fail only if re-attach different files (#24) @​hboutemy

👻 Maintenance

• Bump m-invoker-p to 3.9.1 (#251) @​slachiewicz
• Allow to manually execute release drafter (#58) @​slawekjaranowski
• GH Issues (Maven 3 branch) (#57) @​Bukama
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#49) @​Bukama

📦 Dependency updates

• Use plexus-utils version from parent (#252) @​slachiewicz
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#247) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#248) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5 (#241) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#242) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#246) @dependabot[bot]
• Bump mavenVersion from 3.2.5 to 3.9.11 (#221) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#233) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.3 to 3.6.4 (#229) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 41 to 45 (#218) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 (#226) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#222) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.1 to 2.19.0 (#68) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#63) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.3 (#66) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#27) @dependabot[bot]
• [MSOURCES-147] - Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 (#23) @dependabot[bot]
• [MSOURCES-146] - Bump commons-io:commons-io from 2.11.0 to 2.16.0 (#25) @dependabot[bot]
• [MSOURCES-145] - Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 (#26) @dependabot[bot]

Commits

• ecf937a [maven-release-plugin] prepare release maven-source-plugin-3.4.0
• 95b3bf4 Revert "[maven-release-plugin] prepare for next development iteration"
• 7a9a770 [maven-release-plugin] prepare for next development iteration
• 292c1ce Use plexus-utils version from parent
• bf79b71 Bump m-invoker-p to 3.9.1
• 4f3fcb9 Bump commons-io:commons-io from 2.20.0 to 2.21.0
• a867442 Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
• 51c66ac Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5
• 267df46 Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3
• ef85324 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.11.1 to 3.12.0

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.12.0

💥 Breaking changes

• remove fix mojo (#1263) @​elharo
• detectOfflineLinks is now false per default for all jar mojo issue #1258 (#1259) @​olamy

🐛 Bug Fixes

• Fix legacyMode (#1265) @​fridrich
• Fix package {...} does not exist in legacyMode (#1243) @​JackPGreen
• Ensure UTF-8 charset is used to avoid IllegalArgumentException: Null charset name (#1245) @​elharo
• Remove Javadoc 1.4+ / -1.1 switch related warning (#1240) @​perceptron8

👻 Maintenance

• protect 3.8.x branch (#1238) @​hboutemy
• feat: enable prevent branch protection rules (#1228) @​sparsick

📦 Dependency updates

• Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#1257) @dependabot[bot]

3.11.3

🚨 Removed

• Remove workaround for long patched CVE in javadoc (#388) @​elharo

🚀 New features and improvements

• Issue #369 Support --no-fonts option per default for jdk 23+ (#375) @​olamy

🐛 Bug Fixes

• Make the legacyMode consistent (Filter out all of the module-info.java files in legacy mode, do not use --source-path in legacy mode) (#1217) @​fridrich
• [MJAVADOC-826] - Don't try to modify project source roots (#358) @​oehme

📝 Documentation updates

• Correct javadoc-no-fork description on index-page (#368) @​Bukama
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#360) @​Bukama
• (doc) Close links tag in links parameter javadoc example (#355) @​sixcorners

👻 Maintenance

• Be consistent about data encoding when copying files (#1215) @​fridrich
• Clean up JavadocUtilTest (#1210) @​elharo
• Use Java 7 relativization instead of hand-rolled code (#385) @​elharo
• Rephrase source code fix interactive messages for clarity (#390) @​elharo

... (truncated)

Commits

• 2a06bed [maven-release-plugin] prepare release maven-javadoc-plugin-3.12.0
• a71ecf9 bump version 3.12.0-SNAPSHOT
• 88f2b71 [maven-release-plugin] prepare for next development iteration
• 7e18956 [maven-release-plugin] prepare release maven-javadoc-plugin-3.11.4
• c11b76c In legacyMode, don't use -sourcepath, unless excludePackageNames is not empty...
• bc9904b remove fix mojo (#1263)
• f310135 Fix package {...} does not exist in legacyMode (#1243)
• c8270f9 detectOfflineLinks is now false per default for all jar mojo issue #1258 ...
• 953e609 Delete flaky test (#1260)
• 2bba7a4 Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0
• Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.5 to 4.9.8.2

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.9.8.2

• Fixed generate site reports to include all site variations, thanks to @​bradleylarrick
• Add support for source jar/zip, thanks to @​cortlepp

Spotbugs Maven Plugin 4.9.8.1

Bug fix with SpotbugsInfo.EOF error (was meant to be SpotbugsInfo.EOL).

Spotbugs Maven Plugin 4.9.8.0

Bug fix release supporting spotbugs 4.9.8.

Spotbugs Maven Plugin 4.9.7.0

• Supports 4.9.7 of spotbugs
• Build updates
• Fixes spotbugs/spotbugs-maven-plugin#1215

Spotbugs Maven Plugin 4.9.6.0

• Supports spotbugs 4.9.6
• note: 4.9.5 had a defect with detection of jakarta in servlets that was unexpected and quickly patched for this release.

Spotbugs Maven Plugin 4.9.5.0

• Support spotbugs 4.9.5

Spotbugs Maven Plugin 4.9.4.2

Consumer

• Add support for 'chooseVisitors'
• Minor code cleanup
• Still supports spotbugs 4.9.4

Producer

• Remove add opens from jvm.config as no longer needed

Spotbugs Maven Plugin 4.9.4.1

Consumer

• Cleanup readme to better support plugin
• Dropped direct usage of plexus utils and commons io
• Groovy 5 now run engine
• Correct issue since 4.9.2.0 resulting in most runs getting spotbugs.html file incorrectly. This has been refactored to restore doxia 1 overrides to produce xml report only when not running in site lifecycle
• Correct defects with handling of various files on disk such as exclusion filters that were introduced into 4.9.4.0. Integration tests have been applied to prevent future regression.
• Commons io fileutils replaced by files.walk with detailed output moved to debug collection only rather than all runs
• Normalization of path to linux style
• Any regex usage is now precompiled
• Use re-entrant lock for source indexer
• Correct locale usage to use default if not given
• Block doctype and XXE when processing xml files
• Cleanup some fields from resources and in code never used

Producer

• Pin versions of github actions tools
• Run maven 3.6.3 integration test on windows to get more broad support
• Run maven integration test on mac to get more broad support

... (truncated)

Commits

• a03feda [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.8.2
• 1c8063d [gha] Update actions
• f59d628 Merge pull request #1265 from spotbugs/renovate/actions-checkout-6.x
• 1c232fb chore(deps): update actions/checkout action to v6
• 436be13 Merge pull request #1263 from spotbugs/renovate/actions-checkout-digest
• 0708203 Merge pull request #1264 from spotbugs/renovate/github-codeql-action-digest
• fcd2d1b chore(deps): update github/codeql-action digest to e12f017
• 7c54b5b chore(deps): update actions/checkout digest to 93cb6ef
• 79d724e Merge pull request #1262 from spotbugs/renovate/lang3.version
• b9bbed3 fix(deps): update dependency org.apache.commons:commons-lang3 to v3.20.0
• Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.14

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.14

New Features

• JaCoCo now officially supports Java 25 (GitHub #1950).
• Experimental support for Java 26 class files (GitHub #1870).
• Branches added by the Kotlin compiler for default argument number 33 or higher are filtered out during generation of report (GitHub #1655).
• Part of bytecode generated by the Kotlin compiler for elvis operator that follows safe call operator is filtered out during generation of report (GitHub #1814, #1954).
• Part of bytecode generated by the Kotlin compiler for more cases of chained safe call operators is filtered out during generation of report (GitHub #1956).
• Part of bytecode generated by the Kotlin compiler for invocations of suspendCoroutineUninterceptedOrReturn intrinsic is filtered out during generation of report (GitHub #1929).
• Part of bytecode generated by the Kotlin compiler for suspending lambdas with parameters is filtered out during generation of report (GitHub #1945).
• Part of bytecode generated by the Kotlin compiler for suspending functions and lambdas with suspension points that return inline value class is filtered out during generation of report (GitHub #1871).
• Part of bytecode generated by the Kotlin Compose compiler plugin for pausable composition is filtered out during generation of report (GitHub #1911).
• Methods generated by the Kotlin serialization compiler plugin are filtered out (GitHub #1885, #1970, #1971).

Fixed bugs

• Fixed handling of implicit else clause of when with String subject in Kotlin (GitHub #1813, #1940).
• Fixed handling of implicit default clause of switch by String in Java when compiled by ECJ (GitHub #1813, #1940). Fixed handling of exceptions in chains of safe call operators in Kotlin (GitHub #1819).

Non-functional Changes

• JaCoCo now depends on ASM 9.9 (GitHub #1965).

0.8.13

New Features

• JaCoCo now officially supports Java 23 and Java 24 (GitHub #1757, #1631, #1867).
• Experimental support for Java 25 class files (GitHub #1807).
• Calculation of line coverage for Kotlin inline functions (GitHub #1670).
• Calculation of line coverage for Kotlin inline functions with reified type parameter (GitHub #1670, #1700).
• Calculation of coverage for Kotlin JvmSynthetic functions (GitHub #1700).
• Part of bytecode generated by the Kotlin Compose compiler plugin is filtered out during generation of report (GitHub #1616).
• Part of bytecode generated by the Kotlin compiler for inline value classes is filtered out during generation of report (GitHub #1475).
• Part of bytecode generated by the Kotlin compiler for suspending lambdas without suspension points is filtered out during generation of report (GitHub #1283).
• Part of bytecode generated by the Kotlin compiler for when expressions and statements with nullable enum subject is filtered out during generation of report (GitHub #1774).
• Part of bytecode generated by the Kotlin compiler for when expressions and statements with nullable String subject is filtered out during generation of report (GitHub #1769).
• Part of bytecode generated by the Kotlin compiler for chains of safe call operators is filtered out during generation of report (GitHub #1810, #1818).
• Method getEntries generated by the Kotlin compiler for enum classes is filtered out during generation of report (GitHub #1625).
• Methods generated by the Kotlin compiler for constructors and functions with JvmOverloads annotation are filtered out (GitHub #1768).

Fixed bugs

• Fixed interpretation of Kotlin SMAP (GitHub #1525).
• File extensions are preserved in HTML report in case of clashes of normalized file names (GitHub #1660).

Non-functional Changes

• JaCoCo build now uses Maven Wrapper and requires at least Maven 3.9.9 (GitHub #1708, #1707, #1681).
• JaCoCo now depends on ASM 9.8 (GitHub #1862).
• More context information when IllegalArgumentException occurs during reading of zip file (GitHub #1833).

Commits

• 2eb2483 Prepare release v0.8.14
• de76181 KotlinSerializableFilter should filter more methods (#1971)
• 89c4bd5 Fix NPE in KotlinSerializableFilter (#1970)
• 0981128 Migrate release staging to the Central Publisher Portal (#1968)
• d07bc6b Add filter for bytecode generated by Kotlin serialization compiler plugin (#1...
• 5e35fd5 Upgrade maven-dependency-plugin to 3.9.0 (#1966)
• c2fe5cc Upgrade ASM to 9.9 (#1965)
• b0f8e23 KotlinSafeCallOperatorFilter should filter "unoptimized" safe call followed b...
• c7bd3f4 Upgrade spotless-maven-plugin to 3.0.0 (#1961)
• faa289d KotlinSafeCallOperatorFilter should not be affected by presence of pseudo ins...
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.9.0

🚀 New features and improvements

• Use Resolver API in go-offline for dependencies resolving (#1533) @​slawekjaranowski
• Use Resolver API in go-offline for plugins resolving (#1532) @​slawekjaranowski
• Fixes #1522, add render-dependencies mojo (#1523) @​rmannibucau
• Use Resolver API in resolve-plugin (#1521) @​slawekjaranowski
• [MEDP-964] - unconditionally ignore dependencies known to be loaded by reflection (#1492) @​elharo
• Update maven-dependency-analyzer to support Java24 (#528) @​talios
• [MDEP-972] - copy-dependencies: copy signatures alongside artifacts (#514) @​Ndacyayisenga-droid
• [MDEP-776] - Warn when multiple dependencies have the same file name (#463) @​elharo
• [MDEP-966] - Migrate AnalyzeDepMgt to Sisu (#473) @​elharo
• [MDEP-957] - By default, don't report slf4j-simple as unused (#433) @​elharo

🐛 Bug Fixes

• ProjectBuildingRequest should not be modified (#1520) @​slawekjaranowski
• Fix - markersDirectory is not working when unpack goal is executed from command line (#537) @​vaibhavbatra15
• Fix broken link for analyze-exclusions-mojo on usage-page (#521) @​Bukama
• [MDEP-839] - Avoid extra blank lines in file (#495) @​elharo
• Update collect URL (#510) @​elharo
• [MDEP-689] - Fixes ignored dependency filtering in go-offline goal (#417) @​ldhardy
• [MDEP-960] - Repair silent logging (#447) @​elharo

📝 Documentation updates

• [MDEP-933] - Document dependency tree output formats (#535) @​Ndacyayisenga-droid
• Add additional comment to clarify the minimal supported version of ou… (#465) @​gluxhappy
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#511) @​Bukama
• Unix file separators (#507) @​elharo

👻 Maintenance

• Simplify usage of RepositoryManager and DependencyResolver (#1518) @​slawekjaranowski
• Use Resolver API in copy and unpack (#1514) @​slawekjaranowski
• Update site descriptor to 2.0.0 (#1508) @​slawekjaranowski
• Enable prevent branch protection rules (#1503) @​slawekjaranowski
• Fix [MDEP-931] - Replace PrintWriter with Writer in AbstractSerializing Visitor and subclasses (#530) @​Ndacyayisenga-droid
• Cleanups dependencies (#1496) @​slawekjaranowski
• Copy edit parameter descriptions (#1488) @​elharo
• Small Javadoc clarifications (#533) @​elharo
• [MDEP-967] - Change info to debug logging in AbstractFromConfigurationMojo (#529) @​Ndacyayisenga-droid
• fix: remove duplicate maven-resolver-api and maven-resolver-util dependencies in pom.xml (#526) @​Ndacyayisenga-droid
• Enable GH issues (#522) @​Bukama
• Remove redundant/unneeded code (#519) @​elharo
• Add PR Automation and Stale actions (#513) @​slawekjaranowski
• Keep files in temporary directory to be deleted after test (#508) @​pzygielo
• Drop unnecessary call (#509) @​pzygielo
• Avoid deprecated ArtifactFactory (#489) @​elharo

... (truncated)

Commits

• 826e5f0 [maven-release-plugin] prepare release maven-dependency-plugin-3.9.0
• 0db1acc Use Resolver API in go-offline for dependencies resolving (#1533)
• e50031a Use Resolver API in go-offline for plugins resolving
• 6ed4b1a Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0
• 8776c61 Bump org.assertj:assertj-core from 3.27.5 to 3.27.6
• d2af78e Ignore Mockito 5.x and SLF4j 2.x by dependabot
• dcd4b7d Bump org.assertj:assertj-core from 3.27.4 to 3.27.5