Update dependency org.codehaus.gmavenplus:gmavenplus-plugin to v4

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.codehaus.gmavenplus:gmavenplus-plugin (source)	1.6 → 4.3.0

---

Release Notes

groovy/GMavenPlus (org.codehaus.gmavenplus:gmavenplus-plugin)

v4.3.0

Compare Source

Bugs

• Fixed constructor problem (#​345) (Thanks @​cliviu!)

Enhancements

• Support toolchains for compilation, GroovyDoc, and stub generation (#​349 and #​356) using the new fork parameter

Potentially breaking changes

None

Notes

Full Changelog: groovy/GMavenPlus@4.2.1...4.3.0

v4.2.1

Compare Source

Bugs

• Fix compatibility with Groovy 4.0.27 and 5.0.0-beta-1 which changed (GROOVY-11668) the signature of the GroovyDocTool constructor (#​335).

Enhancements

None.

Potentially breaking changes

None.

Notes

None.

v4.2.0

Compare Source

Bugs

None

Enhancements

• Support Java 24 and 25 (#​330)
• Support Maven 4 (#​328) Thanks to @​gnodet for this PR!

Potentially breaking changes

None

Notes

None

v4.1.1

Compare Source

Bugs

• Accidentally changed required Maven version from >=3.6.3 to >=3.9.9 (#​324).

Enhancements

None

Potentially breaking changes

None

Notes

None

v4.1.0

Compare Source

Bugs

None

Enhancements

• Add a property for scripts parameter, so it can be specified from the command line (#​316).
• Add timeouts for connecting and reading from scripts URLs (#​317).

Potentially breaking changes

None

Notes

None

v4.0.1

Compare Source

Bugs

• Fix broken plugin due to problems encountered during release process (#​314)

Enhancements

None

Potentially breaking changes

None

Notes

None

v4.0.0

Compare Source

Bugs

None

Enhancements

• Support Java 22 and 23 (#​302)
• Multiple dependency upgrades, including some that fixed CVEs
• Added a warning about using SecurityManager to prevent System.exit() calls. JEP 411 deprecated SecurityManager in Java 17, for future removal. It is unclear what it will be replaced with for the use case of preventing System.exit() usages. JDK-8199704 is one possibility.

Potentially breaking changes

• Updated the required Maven version to 3.6.3 to conform to the compatibility plan (#​309)

Notes

None

v3.0.2

Compare Source

Bugs

[#​280] The 3.0.1 jar was corrupt (thanks @​eugene-sadovsky for reporting this!).

Enhancements

• [#​279] Fix CVE-2023-42503.

Potentially breaking changes

None.

Notes

The CVE fixed were related to dependencies of the plugin. While I haven't done an analysis of whether they were exploitable (since this is a Maven plugin and not an application), it seems unlikely.

v3.0.1

Compare Source

Bugs

• [#​276] Fix that enabling skipBytecodeCheck causes the Groovy version to be reported as not supporting the goal (thanks for reporting this @​jgenoctr!).

Enhancements

• [#​264] Support targeting Java 21 bytecode (thanks @​bmarwell!).
• [#​253] Fix CVE-2020-8908 and CVE-2023-2976.
• Fix CVE-2023-37460 (242baa8 and 623a56f).

Potentially breaking changes

None.

Notes

The CVEs fixed were related to dependencies of the plugin. While I haven't done an analysis of whether they were exploitable (since this is a Maven plugin and not an application), it seems unlikely.

v3.0.0

Compare Source

Bugs

• [#​244] Fix Maven plugin validation warnings (thanks @​hazendaz!).

Enhancements

• [#​239] Require Maven 3.2.5.

Potentially breaking changes

Maven's compatibility plan marked Maven versions older than 3.2.5 as EOL in March 2023. Therefore, we now require 3.2.5 to move forward with the rest of the ecosystem.

Notes

Fixing the validation warnings removed some Maven dependencies from the plugin's classpath (instead of using the ones from Maven itself). I'm not aware of any negative consequences of this, but it's possible certain specialized use cases might encounter changes in behavior.

v2.1.0

Compare Source

Bugs

None.

Enhancements

• [#​230] Recognize JDK 19 as a valid target bytecode.
• [#​232] Recognize JDK 20 as a valid target bytecode.

Potentially breaking changes

None.

Notes

None.

v2.0.0

Compare Source

Bugs

None.

Enhancements

• [#​210] Improve error messages when Groovy classes can't be located (avoiding the NullPointerExceptions that were causing confusion and instead throwing our own exception).
• [#​221] apache/groovy@8d19017 (comment) caused an exception to be thrown for Groovy 4.0.0-RC-1 and newer when binding properties in a script/console/shell and bindPropertiesToSeparateVariables is false. The error logging when this happens has been improved.
• [#​223] Support 5, 6, 7, 8, and 1.9 arguments to targetBytecode so that validation doesn't unexpectedly fail since it uses the maven.compiler.target property and these arguments are valid for javac.

Potentially breaking changes

This release requires Java 8 and drops support for Java 7. This was necessary to update dependencies which fix vulnerabilities. Specifically, in maven-archiver. At the time of release, the following dependencies were not compatible with Java 7

• org.apache.commons:commons-compress
• org.codehaus.plexus:plexus-archiver
• org.apache.maven:maven-archiver
• org.codehaus.plexus:plexus-io
• org.codehaus.plexus:plexus-utils

This is not the first breaking release, but it is the first breaking release to follow the semver conventions.

Notes

None.

v1.13.1

Compare Source

Bugs

• [#​203] Using bindAllProjectProperties and bindSessionUserOverrideProperties together can cause an NPE (thanks for reporting this @​sebthom!).

Enhancements

None

Potentially breaking changes

None.

Notes

None.

v1.13.0

Compare Source

Bugs

None.

Enhancements

• [#​196] Add support for targetting Java 17 (thanks @​chiquitinxx!).
• [#​198] Add support for targetting Java 18.
• [#​188/#​193] Update Ant from 1.10.8 to 1.10.11.

Potentially breaking changes

None.

Notes

None.

v1.12.1

Compare Source

Bugs

• [#​186] Certain AST transformations had classloader issues because 1.12.0 was no longer setting the context classloader.

Enhancements

• Update Jansi to 2.x.

Potentially breaking changes

The Jansi upgrade should generally be compatible, but could cause issues with scripts that were using Jansi 1.x specific classes.

Notes

None.

v1.12.0

Compare Source

Bugs

• [#​183] The classloader project dependencies are loaded onto is reused between modules, so each module was a superset of all modules that preceded it. Also, the console, execute, and shell mojos didn't pass the classloader to use into the instantiated GroovyConsole/GroovyShell, so it accidentally was using the plugin classloader, even when configured to use PROJECT_ONLY classpath. Thanks for reporting this @​TobiX!

Enhancements

None

Potentially breaking changes

This should be a non-breaking change (except for unusual situations that were relying on the previous incorrect behavior). However, since it's a significant change, I'm bumping the version by more than just the patch version.

Notes

This potentially runs slower than before, since a new classloader is instantiated each execution, rather than resuing the same classloader, so the classes referenced will have to be reinitialized.

v1.11.1

Compare Source

Bugs

• Fixes IllegalArgumentException when consoleScript parameter was loaded from POM rather than command line property.

Enhancements

None

Potentially breaking changes

None

Notes

None

v1.11.0

Compare Source

Bugs

None

Enhancements

• Change JDK compatibility check to also account for Java 16.
• Some tweaks for Groovy 4 (most notably, invokedynamic is enabled by default for Groovy 4 and cannot be disabled).
• New parameter (attachGroovyDocAnnotation) to enable attaching GroovyDoc annotation.
• New parameter (parallelParsing) to enable parallel parsing (enabled by default with Groovy 4).
• Remove previewFeatures parameter from stub generation goals, since it's not used there.

Potentially breaking changes

• If you were using the previewFeatures parameter without also including a compilation goal that would make that config valid, the build will fail because it's no longer a valid parameter. The fix would be to move that configuration to the appropriate execution(s).

Notes

None

v1.10.1

Compare Source

Bugs

None

Enhancements

• Ability to override classes used to generate GroovyDoc (#​91)
• Ability to override GStringTemplates used for GroovyDoc (#​105)
• Ability to bind overridden properties (by binding project properties and/or session user properties) (#​72)
• Ability to load a script when launching GroovyConsole (#​165)

Potentially breaking changes

None

Notes

None

v1.10.0

Compare Source

Bugs

None

Enhancements

• Change default GroovyDoc jar artifact type to javadoc, so its extension gets set to "jar" by the artifact handler instead of "groovydoc" by the default handler logic which uses the type for the extension in the case of unknown types (#​151).

Potentially breaking changes

• GroovyDoc jars and test GroovyDoc jars will now be of type "javadoc" and have extension "jar".  Rather than type and extension "groovydoc".  If you do not wish to transition to this new behavior, set the new artifactType or testArtifactType property to "groovydoc" to revert to the previous behavior.

Notes

• While the artifact type of GroovyDoc jars has changed, the Maven classifier has not.  It remains "groovydoc", and you can still override that, just as before.

v1.9.1

Compare Source

Bugs

None

Enhancements

• Add a property to skip script execution (#​162)

Potentially breaking changes

None

Notes

None

v1.9.0

Compare Source

Bugs

None

Enhancements

• Support for Java 14 (#​152).
• Support for Java 15 (#​153).
• Add skipBytecodeCheck property and parameter, so if a Java version comes out the plugin doesn't recognize, you can use it without having to wait for an update.
• Use groovy.ant.AntBuilder instead of groovy.util.AntBuilder (if available).

Potentially breaking changes

• maven.groovydoc.skip property was renamed to skipGroovydoc so it matches the pattern of the other properties and won't seem to imply it's a property for a standard Maven plugin.
• Using groovy.ant.AntBuilder instead of groovy.util.AntBuilder (when available on classpath).
• Bundling Ant 1.10.7 instead of 1.10.5.
• Bundling Ivy 2.5.0 instead of 2.4.0.

Notes

• Now officially requires Java 7 instead of 6. This is not a breaking change, however, since this was actually already required because of plexus-classworlds. This just wasn't discovered until an enforcer rule was added to check bytecode versions of dependencies.

v1.8.1

Compare Source

Bugs

• #​147 Change sourcesets internal storage from HashSet to TreeSet, to avoid unpredictable Groovy compiler output on certain filesystems (thanks @​marcphilipp!).
• #​145 Disable system exits by default, to avoid potential thread safety issues.

Enhancements

None

Potentially breaking changes

• #​145 Changes the default of not allowing System.exits to allowing them.

Notes

None

v1.8.0

Compare Source

Bugs

• None

Enhancements

• Allow for invocation using only project classpath (#​140). This is accomplished with <includeClasspath>PLUGIN_ONLY</includeClasspath>.

Potentially breaking changes

#​140

If you were using useSharedClasspath before, you will need to replace it with new values. In most cases, this would be

usedSharedClasspath	includeClasspath
true	PROJECT_AND_PLUGIN
false	PROJECT_ONLY

Another notable difference is that when using this new configuration parameter in compile, compileTests, generateStubs, or generateTestStubs goals, now also uses the configurator to add the project dependencies to the classpath with the plugin's dependencies. Previously, this only happened in the goals other than the ones mentioned.

Notes

None

v1.7.1

Compare Source

Bugs

• Fix that Groovy 3.0.0-alpha-5 was actually released as 3.0.0-beta-1 (#​133)

Enhancements

• Support Java preview features (#​125)
• New goals to create GroovyDoc jars (#​124)
• Use the new "groovy.console.ui.Console" package, if available, fall back to "groovy.ui.Console" (#​136)

Potentially breaking changes

None

Notes

None

v1.7.0

Compare Source

Bugs

• Fix executing script from URL in Groovy older than 1.7.0 (#​131)
• Use unique configuration names for every mojo, so goals don't conflict (#​120)

Enhancements

• Support Java 13 (#​122)

Potentially breaking changes

#​120 corrects an inadvertent breaking change made in 1.6.0 with #​31/#​58. Here are those changes:

	1.5	1.6	1.7
addStubSources	stubsOutputDirectory	outputDirectory	stubsOutputDirectory
addTestStubSources	testStubsOutputDirectory	outputDirectory	testStubsOutputDirectory
compileTests/testCompile	testOutputDirectory	outputDirectory	testOutputDirectory
generateStubs	stubsOutputDirectory	outputDirectory	stubsOutputDirectory
generateTestStubs/testGenerateStubs	testStubsOutputDirectory	outputDirectory	testStubsOutputDirectory
groovydocTests/testGroovydoc	groovydocJavaSources	groovydocJavaSources	testGroovydocJavaSources
removeStubs	stubsOutputDirectory	outputDirectory	stubsOutputDirectory
removeTestStubs	testStubsOutputDirectory	outputDirectory	testStubsOutputDirectory

In addition, unused parameters have been removed:
addSources

• skipTests
• testSources

addStubSources

• skipTests
• sources
• testSources

addTestSources

• outputDirectory
• skipTests
• sources

addTestStubSources

• sources
• testSources

compile

• skipTests
• testSources

compileTests

• sources

console

• skipTests

execute

• skipTests

generateStubs

• skipTests
• testSources

generateTestStubs

• sources

groovydoc

• skipTests
• testSources
• testGroovyDocOutputDirectory

groovydocTests

• skipTests
• sources

removeStubs

• skipTests
• sources
• testSources

removeTestStubs

• sources
• testSources

shell

• skipTests

Lastly, addTestStubSources and removeTestStubs now respect the skipTests flag, for consistency.

Notes

None

v1.6.3

Compare Source

Bugs

None

Enhancements

• Ability to use Groovy from plugin dependencies (creates a single classpath with plugin and project dependencies) (#​64 & #​86)
• Support for Java 13 bytecode (#​123)
• Log executed scripts (#​119)
• Log message from exception cause (#​112)

Potentially breaking changes

None

Notes

None

v1.6.2

Compare Source

Bugs

• Fixed that could error saying no Groovy dependency when it shouldn't because no Groovy sources exist (ef3a3d5).

Enhancements

• Support for Java 10 bytecode (#​104)
• Support for Java 11 bytecode (#​106)

Potentially breaking changes

None

Notes

None

v1.6.1

Compare Source

Bugs

• Fixed that was logging Groovy version as not supporting config script if config script file didn't exist
• Fixed NPE when calling mojo without Groovy dependency
• Fixed that was logging compile classpath instead of test classpath during test GroovyDoc generation

Enhancements

None

Potentially breaking changes

None

Notes

None

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.