Skip to content

Bump the maven-plugins group across 2 directories with 2 updates#149

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/core/maven-plugins-442fc961ec
Closed

Bump the maven-plugins group across 2 directories with 2 updates#149
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/core/maven-plugins-442fc961ec

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 2, 2026

Copy link
Copy Markdown
Contributor

Bumps the maven-plugins group with 1 update in the /core directory: org.apache.maven.plugins:maven-site-plugin.
Bumps the maven-plugins group with 2 updates in the /processor directory: org.apache.maven.plugins:maven-site-plugin and org.apache.maven.plugins:maven-surefire-plugin.

Updates org.apache.maven.plugins:maven-site-plugin from 3.21.0 to 3.22.0

Release notes

Sourced from org.apache.maven.plugins:maven-site-plugin's releases.

3.22.0

🚀 New features and improvements

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

Commits
  • f9f7cc6 [maven-release-plugin] prepare release maven-site-plugin-3.22.0
  • f7b57ea Bump org.codehaus.plexus:plexus-interactivity-api from 1.3 to 1.5.1
  • 282aa04 Several site improvements (#1272)
  • 55ebd9f Upgrade to Doxia 2.1.0
  • 93ecbb6 Improve goal description
  • 106d259 Improve error messages
  • a7511e9 Fix additional PR comments
  • c3c1c0f Rename from "hot-reload" to "auto-refresh"
  • 5fb1504 Add blocking "hot-reload" goal
  • 2d9a489 Bump org.apache.maven.plugins:maven-plugins from 47 to 48 (#1271)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-site-plugin from 3.21.0 to 3.22.0

Release notes

Sourced from org.apache.maven.plugins:maven-site-plugin's releases.

3.22.0

🚀 New features and improvements

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

Commits
  • f9f7cc6 [maven-release-plugin] prepare release maven-site-plugin-3.22.0
  • f7b57ea Bump org.codehaus.plexus:plexus-interactivity-api from 1.3 to 1.5.1
  • 282aa04 Several site improvements (#1272)
  • 55ebd9f Upgrade to Doxia 2.1.0
  • 93ecbb6 Improve goal description
  • 106d259 Improve error messages
  • a7511e9 Fix additional PR comments
  • c3c1c0f Rename from "hot-reload" to "auto-refresh"
  • 5fb1504 Add blocking "hot-reload" goal
  • 2d9a489 Bump org.apache.maven.plugins:maven-plugins from 47 to 48 (#1271)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-site-plugin from 3.21.0 to 3.22.0

Release notes

Sourced from org.apache.maven.plugins:maven-site-plugin's releases.

3.22.0

🚀 New features and improvements

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

Commits
  • f9f7cc6 [maven-release-plugin] prepare release maven-site-plugin-3.22.0
  • f7b57ea Bump org.codehaus.plexus:plexus-interactivity-api from 1.3 to 1.5.1
  • 282aa04 Several site improvements (#1272)
  • 55ebd9f Upgrade to Doxia 2.1.0
  • 93ecbb6 Improve goal description
  • 106d259 Improve error messages
  • a7511e9 Fix additional PR comments
  • c3c1c0f Rename from "hot-reload" to "auto-refresh"
  • 5fb1504 Add blocking "hot-reload" goal
  • 2d9a489 Bump org.apache.maven.plugins:maven-plugins from 47 to 48 (#1271)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.6

🚀 New features and improvements

  • Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @​olamy

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

Commits
  • 25ea054 [maven-release-plugin] prepare release surefire-3.5.6
  • e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
  • dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
  • 39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
  • 2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
  • 0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
  • 04ad9a2 Use surefire 3.5.5 by project itself for testing
  • 37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
  • a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
  • e838393 deploy 3.5.x branch to nexus
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-site-plugin from 3.21.0 to 3.22.0

Release notes

Sourced from org.apache.maven.plugins:maven-site-plugin's releases.

3.22.0

🚀 New features and improvements

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

Commits
  • f9f7cc6 [maven-release-plugin] prepare release maven-site-plugin-3.22.0
  • f7b57ea Bump org.codehaus.plexus:plexus-interactivity-api from 1.3 to 1.5.1
  • 282aa04 Several site improvements (#1272)
  • 55ebd9f Upgrade to Doxia 2.1.0
  • 93ecbb6 Improve goal description
  • 106d259 Improve error messages
  • a7511e9 Fix additional PR comments
  • c3c1c0f Rename from "hot-reload" to "auto-refresh"
  • 5fb1504 Add blocking "hot-reload" goal
  • 2d9a489 Bump org.apache.maven.plugins:maven-plugins from 47 to 48 (#1271)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the maven-plugins group with 1 update in the /core directory: [org.apache.maven.plugins:maven-site-plugin](https://github.com/apache/maven-site-plugin).
Bumps the maven-plugins group with 2 updates in the /processor directory: [org.apache.maven.plugins:maven-site-plugin](https://github.com/apache/maven-site-plugin) and [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire).


Updates `org.apache.maven.plugins:maven-site-plugin` from 3.21.0 to 3.22.0
- [Release notes](https://github.com/apache/maven-site-plugin/releases)
- [Commits](apache/maven-site-plugin@maven-site-plugin-3.21.0...maven-site-plugin-3.22.0)

Updates `org.apache.maven.plugins:maven-site-plugin` from 3.21.0 to 3.22.0
- [Release notes](https://github.com/apache/maven-site-plugin/releases)
- [Commits](apache/maven-site-plugin@maven-site-plugin-3.21.0...maven-site-plugin-3.22.0)

Updates `org.apache.maven.plugins:maven-site-plugin` from 3.21.0 to 3.22.0
- [Release notes](https://github.com/apache/maven-site-plugin/releases)
- [Commits](apache/maven-site-plugin@maven-site-plugin-3.21.0...maven-site-plugin-3.22.0)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.5 to 3.5.6
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.5...surefire-3.5.6)

Updates `org.apache.maven.plugins:maven-site-plugin` from 3.21.0 to 3.22.0
- [Release notes](https://github.com/apache/maven-site-plugin/releases)
- [Commits](apache/maven-site-plugin@maven-site-plugin-3.21.0...maven-site-plugin-3.22.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-site-plugin
  dependency-version: 3.22.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven-plugins
- dependency-name: org.apache.maven.plugins:maven-site-plugin
  dependency-version: 3.22.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven-plugins
- dependency-name: org.apache.maven.plugins:maven-site-plugin
  dependency-version: 3.22.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven-plugins
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-plugins
- dependency-name: org.apache.maven.plugins:maven-site-plugin
  dependency-version: 3.22.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven-plugins
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jun 2, 2026
@github-actions

github-actions Bot commented Jun 2, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 3 package(s) with unknown licenses.
See the Details below.

License Issues

core/pom.xml

PackageVersionLicenseIssue Type
org.apache.maven.plugins:maven-site-plugin3.22.0NullUnknown License

processor/pom.xml

PackageVersionLicenseIssue Type
org.apache.maven.plugins:maven-site-plugin3.22.0NullUnknown License
org.apache.maven.plugins:maven-surefire-plugin3.5.6NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
maven/org.apache.maven.plugins:maven-site-plugin 3.22.0 🟢 4.8
Details
CheckScoreReason
Code-Review⚠️ 2Found 5/21 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License⚠️ 0license file not detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.apache.maven.plugins:maven-site-plugin 3.22.0 🟢 4.8
Details
CheckScoreReason
Code-Review⚠️ 2Found 5/21 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License⚠️ 0license file not detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.apache.maven.plugins:maven-surefire-plugin 3.5.6 🟢 5.8
Details
CheckScoreReason
Maintained🟢 1025 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 7Found 19/25 approved changesets -- score normalized to 7
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • core/pom.xml
  • processor/pom.xml

@dependabot @github

dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 8, 2026
@dependabot dependabot Bot deleted the dependabot/maven/core/maven-plugins-442fc961ec branch June 8, 2026 08:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants