[PR] Bump net.sourceforge.pmd:pmd-java from 7.22.0 to 7.23.0 [cxf]

Thu, 02 Apr 2026 19:47:58 -0700 


dependabot[bot] opened a new pull request, #3017:
URL: https://github.com/apache/cxf/pull/3017

   Bumps [net.sourceforge.pmd:pmd-java](https://github.com/pmd/pmd) from 7.22.0 
to 7.23.0.
   <details>
   <summary>Release notes</summary>
   <p><em>Sourced from <a 
href="https://github.com/pmd/pmd/releases";>net.sourceforge.pmd:pmd-java's 
releases</a>.</em></p>
   <blockquote>
   <h2>PMD 7.23.0 (27-March-2026)</h2>
   <h2>27-March-2026 - 7.23.0</h2>
   <p>The PMD team is pleased to announce PMD 7.23.0.</p>
   <p>This is a minor release.</p>
   <h3>Table Of Contents</h3>
   <ul>
   <li><a href="https://github.com/pmd/pmd/blob/HEAD/#fixed-issues";>🐛️ Fixed 
Issues</a></li>
   <li><a href="https://github.com/pmd/pmd/blob/HEAD/#merged-pull-requests";>✨️ 
Merged pull requests</a></li>
   <li><a href="https://github.com/pmd/pmd/blob/HEAD/#dependency-updates";>📦️ 
Dependency updates</a></li>
   <li><a href="https://github.com/pmd/pmd/blob/HEAD/#stats";>📈️ Stats</a></li>
   </ul>
   <h3>🐛️ Fixed Issues</h3>
   <ul>
   <li>core
   <ul>
   <li><a href="https://redirect.github.com/pmd/pmd/issues/6503";>#6503</a>: 
[core] Links in HTML report are broken</li>
   </ul>
   </li>
   <li>java-errorprone
   <ul>
   <li><a href="https://redirect.github.com/pmd/pmd/issues/6502";>#6502</a>: 
[java] CloseResource: False positive for allowedResourceMethodPatterns entries 
when using unqualified method calls</li>
   </ul>
   </li>
   <li>java-security
   <ul>
   <li><a href="https://redirect.github.com/pmd/pmd/issues/6531";>#6531</a>: 
[java] InsecureCryptoIv: False negative with fixed IVs from array 
initializers</li>
   </ul>
   </li>
   </ul>
   <h3>✨️ Merged pull requests</h3>
   <!-- raw HTML omitted -->
   <ul>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6467";>#6467</a>: [ci] 
Use typos gh-action - <a href="https://github.com/adangel";>Andreas Dangel</a> 
(<a href="https://github.com/adangel";><code>@​adangel</code></a>)</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6488";>#6488</a>: [doc] 
Update security.md for CVE-2026-28338 - <a 
href="https://github.com/adangel";>Andreas Dangel</a> (<a 
href="https://github.com/adangel";><code>@​adangel</code></a>)</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6489";>#6489</a>: [doc] 
CPD: document --report-file parameter - <a 
href="https://github.com/adangel";>Andreas Dangel</a> (<a 
href="https://github.com/adangel";><code>@​adangel</code></a>)</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6504";>#6504</a>: 
[core] Fix <a href="https://redirect.github.com/pmd/pmd/issues/6503";>#6503</a>: 
Don't escape externalInfoUrl in reports - <a 
href="https://github.com/adangel";>Andreas Dangel</a> (<a 
href="https://github.com/adangel";><code>@​adangel</code></a>)</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6505";>#6505</a>: 
[java] Fix <a href="https://redirect.github.com/pmd/pmd/issues/6502";>#6502</a>: 
CloseResource should consider unqualified method calls - <a 
href="https://github.com/adangel";>Andreas Dangel</a> (<a 
href="https://github.com/adangel";><code>@​adangel</code></a>)</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6545";>#6545</a>: 
[java] Fix <a href="https://redirect.github.com/pmd/pmd/issues/6531";>#6531</a>: 
False negative in InsecureCryptoIv with array initializers - <a 
href="https://github.com/zbynek";>Zbynek Konecny</a> (<a 
href="https://github.com/zbynek";><code>@​zbynek</code></a>)</li>
   </ul>
   <h3>📦️ Dependency updates</h3>
   <!-- raw HTML omitted -->
   <ul>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6476";>#6476</a>: Bump 
PMD from 7.21.0 to 7.22.0</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6479";>#6479</a>: 
chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6480";>#6480</a>: 
chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6481";>#6481</a>: 
chore(deps): bump com.puppycrawl.tools:checkstyle from 13.2.0 to 13.3.0</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6482";>#6482</a>: 
chore(deps): bump org.mockito:mockito-core from 5.21.0 to 5.22.0</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6483";>#6483</a>: 
chore(deps-dev): bump net.bytebuddy:byte-buddy from 1.18.5 to 1.18.7</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6484";>#6484</a>: 
chore(deps): bump org.yaml:snakeyaml from 2.5 to 2.6</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6485";>#6485</a>: 
chore(deps): bump org.checkerframework:checker-qual from 3.53.1 to 3.54.0</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6486";>#6486</a>: 
chore(deps-dev): bump net.bytebuddy:byte-buddy-agent from 1.18.5 to 1.18.7</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6487";>#6487</a>: 
chore(deps): bump com.google.protobuf:protobuf-java from 4.33.5 to 4.34.0</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6490";>#6490</a>: 
chore: Update gems, remove github-pages</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6498";>#6498</a>: 
chore(deps): bump ruby/setup-ruby from 1.288.0 to 1.290.0</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6499";>#6499</a>: 
chore(deps-dev): bump commons-logging:commons-logging from 1.3.5 to 1.3.6</li>
   <li><a href="https://redirect.github.com/pmd/pmd/pull/6500";>#6500</a>: 
chore(deps-dev): bump org.apache.maven.plugins:maven-shade-plugin from 3.6.1 to 
3.6.2</li>
   </ul>
   <!-- raw HTML omitted -->
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a 
href="https://github.com/pmd/pmd/commit/8562692642ebb9bbd63300270de9ebc2b3860309";><code>8562692</code></a>
 [release] prepare release pmd_releases/7.23.0</li>
   <li><a 
href="https://github.com/pmd/pmd/commit/8f406ef8e24ac03ec5eed13b3dcbcca0df96191e";><code>8f406ef</code></a>
 Prepare pmd release 7.23.0</li>
   <li><a 
href="https://github.com/pmd/pmd/commit/184b977b2206eed619bbff4d20f1a490d819f9df";><code>184b977</code></a>
 Update contributors for 7.23.0</li>
   <li><a 
href="https://github.com/pmd/pmd/commit/bed0dedf7a2d4f59aa5e53a73c8a10a61bfef7e8";><code>bed0ded</code></a>
 chore: do-release.sh - use ruby 4</li>
   <li><a 
href="https://github.com/pmd/pmd/commit/127df3a2a905f3ac6685d4291668f59d0a299476";><code>127df3a</code></a>
 [java] Fix <a 
href="https://redirect.github.com/pmd/pmd/issues/6531";>#6531</a>: False 
negative in InsecureCryptoIv with array initializers ...</li>
   <li><a 
href="https://github.com/pmd/pmd/commit/5dbbe19b2244cf3be6f2a9cac3d88ce978832d8a";><code>5dbbe19</code></a>
 [doc] Update release notes (<a 
href="https://redirect.github.com/pmd/pmd/issues/6531";>#6531</a>, <a 
href="https://redirect.github.com/pmd/pmd/issues/6545";>#6545</a>)</li>
   <li><a 
href="https://github.com/pmd/pmd/commit/2fce070981af18227ff56d131eb7d754cc9eb886";><code>2fce070</code></a>
 chore: use ruby4 (<a 
href="https://redirect.github.com/pmd/pmd/issues/6551";>#6551</a>)</li>
   <li><a 
href="https://github.com/pmd/pmd/commit/4f450c3986ffd9b4e532d1a8159b4aedfdb38306";><code>4f450c3</code></a>
 chore(deps): bump com.google.protobuf:protobuf-java from 4.34.0 to 4.34.1 (<a 
href="https://redirect.github.com/pmd/pmd/issues/6";>#6</a>...</li>
   <li><a 
href="https://github.com/pmd/pmd/commit/00426b45c70e64211aaa5c3e7aec0a97051142d9";><code>00426b4</code></a>
 chore(deps): bump actions/cache from 5.0.3 to 5.0.4 (<a 
href="https://redirect.github.com/pmd/pmd/issues/6548";>#6548</a>)</li>
   <li><a 
href="https://github.com/pmd/pmd/commit/287971a34b07a724daccb3acf6c5186d70ed7142";><code>287971a</code></a>
 [java] Fix false negative in InsecureCryptoIv with array initializers</li>
   <li>Additional commits viewable in <a 
href="https://github.com/pmd/pmd/compare/pmd_releases/7.22.0...pmd_releases/7.23.0";>compare
 view</a></li>
   </ul>
   </details>
   <br />
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=net.sourceforge.pmd:pmd-java&package-manager=maven&previous-version=7.22.0&new-version=7.23.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   <details>
   <summary>Dependabot commands and options</summary>
   <br />
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot show <dependency name> ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to