dependabot[bot] opened a new pull request, #19: URL: https://github.com/apache/fineract-loan-origination/pull/19
Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) from 2.43.0 to 3.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/diffplug/spotless/releases";>com.diffplug.spotless:spotless-maven-plugin's releases</a>.</em></p> <blockquote> <h2>Maven Plugin v3.6.0</h2> <h3>Added</h3> <ul> <li>Add <code><cacheDirectory></code> to <code><eclipse></code>, <code><greclipse></code>, and <code><eclipseCdt></code> for the Equo/Solstice P2 cache. (<a href="https://redirect.github.com/diffplug/spotless/pull/2944";>#2944</a>)</li> <li><code>EclipseJdtFormtterStep</code> now can conditionally set compiler source/compliance options. Allows for better parsing of AST Node for newer language features and more correct sorting; e.g. records or seal classes. (<a href="https://redirect.github.com/diffplug/spotless/pull/2942";>#2942</a>)</li> </ul> <h3>Fixed</h3> <ul> <li><code><versionCatalog></code> no longer splits long inline tables across multiple lines — Gradle's TOML 1.0 parser cannot read multi-line inline tables. The <code>maxLineLength</code> option has been removed. (<a href="https://redirect.github.com/diffplug/spotless/issues/2948";>#2948</a>)</li> <li><code>spotless:apply</code> no longer aborts on the first file with lints; it now formats all files and reports a single aggregated lint failure across every file, matching the Gradle plugin's behavior. (<a href="https://redirect.github.com/diffplug/spotless/pull/2937";>#2937</a>)</li> <li><code><greclipse></code> and <code><eclipseCdt></code> now default P2 data to the Maven local repository. (<a href="https://redirect.github.com/diffplug/spotless/pull/2944";>#2944</a>)</li> <li><code>forbidWildcardImports</code> and <code>forbidModuleImports</code> now detect imports that have leading whitespace (indentation/tabs). (<a href="https://redirect.github.com/diffplug/spotless/pull/2939";>#2939</a>)</li> </ul> <h3>Changes</h3> <ul> <li>Improved formatting performance by eliminating redundant per-step line-ending normalization in the core formatter loop. (<a href="https://redirect.github.com/diffplug/spotless/pull/2934";>#2934</a>)</li> </ul> <h2>Maven Plugin v3.5.1</h2> <h3>Fixed</h3> <ul> <li><code><licenseHeader></code> with <code><yearMode>SET_FROM_GIT</yearMode></code> no longer runs <code>git log</code> through a shell, eliminating a shell-injection vector when formatting files whose names contain shell metacharacters.</li> <li>Bump transitive <code>plexus-utils</code> <code>4.0.2</code> -> <code>4.0.3</code> to address <a href="https://github.com/advisories/GHSA-6fmv-xxpf-w3cw";>CVE-2025-67030</a>. (<a href="https://redirect.github.com/diffplug/spotless/issues/2919";>#2919</a>)</li> </ul> <h2>Maven Plugin v3.5.0</h2> <h3>Added</h3> <ul> <li><code><scalafmt></code> now reads the version from the <code>version</code> field in the scalafmt config file when no <code><version></code> is explicitly set, falling back to the built-in default only if neither is available. (<a href="https://redirect.github.com/diffplug/spotless/pull/2922";>#2922</a>)</li> <li>Add <code><toml></code> format type with <code><versionCatalog></code> step for formatting and sorting Gradle version catalog files. (<a href="https://redirect.github.com/diffplug/spotless/issues/2916";>#2916</a>)</li> <li>Add <code><javaparserVersion></code> option to <code><cleanthat></code>, allowing users to override the JavaParser version pulled in transitively by Cleanthat. (<a href="https://redirect.github.com/diffplug/spotless/pull/2903";>#2903</a>)</li> <li>Add a <code>expandWildcardImports</code> API for java (<a href="https://redirect.github.com/diffplug/spotless/pull/2930";>#2829</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Preserve case of JDBI named bind params that collide with SQL keywords (e.g. <code>:limit</code>, <code>:offset</code>) in the DBeaver SQL formatter. (<a href="https://redirect.github.com/diffplug/spotless/pull/2899";>#2899</a>)</li> <li>The <code>-Dspotless.ratchetFrom=...</code> user property now takes priority over <code><ratchetFrom></code> configured in the plugin or in individual formatters, instead of being overridden by them. (<a href="https://redirect.github.com/diffplug/spotless/pull/2896";>#2896</a>, fixes <a href="https://redirect.github.com/diffplug/spotless/issues/2842";>#2842</a>)</li> <li>Fix non-idempotent formatting when <code>importOrder()</code> is combined with <code>greclipse()</code>: a single catch-all group no longer strips blank lines that <code>greclipse()</code> independently inserted between import groups. (<a href="https://redirect.github.com/diffplug/spotless/pull/2914";>#2914</a>)</li> </ul> <h3>Changes</h3> <ul> <li>Fix <code>expandWildcardImports</code> failing on JDK XML types such as <code>org.xml.sax.InputSource</code>. (<a href="https://redirect.github.com/diffplug/spotless/pull/2921";>#2921</a>)</li> <li>Use Eclipse JDT's collator-based comparison when sorting Java members to better match Eclipse save actions. (<a href="https://redirect.github.com/diffplug/spotless/pull/2920";>#2920</a>)</li> <li>Bump default <code>cleanthat</code> version <code>2.24</code> -> <code>2.25</code>. (<a href="https://redirect.github.com/diffplug/spotless/pull/2903";>#2903</a>)</li> <li>Bump default <code>eclipse-jdt</code> version from <code>4.35</code> to <code>4.39</code>. (<a href="https://redirect.github.com/diffplug/spotless/pull/2912";>#2912</a>)</li> </ul> <h2>Maven Plugin v3.4.0</h2> <h3>Added</h3> <ul> <li>Add <code>tableTest</code> format type for standalone <code>.table</code> files. (<a href="https://redirect.github.com/diffplug/spotless/pull/2880";>#2880</a>)</li> </ul> <h3>Changes</h3> <ul> <li>Bump default <code>tabletest-formatter</code> version <code>1.0.1</code> -> <code>1.1.1</code>, now works with Java 17+. (<a href="https://redirect.github.com/diffplug/spotless/pull/2880";>#2880</a>)</li> </ul> <h2>Lib v3.3.1</h2> <h3>Fixed</h3> <ul> <li><code>GitPrePushHookInstaller</code> didn't work on windows, now fixed. (<a href="https://redirect.github.com/diffplug/spotless/pull/2562";>#2562</a>)</li> </ul> <h2>Lib v3.3.0</h2> <h3>Added</h3> <ul> <li>Allow specifying path to Biome JSON config file directly in <code>biome</code> step. Requires biome 2.x. (<a href="https://redirect.github.com/diffplug/spotless/pull/2548";>#2548</a>)</li> <li><code>GitPrePushHookInstaller</code>, a reusable library component for installing a Git <code>pre-push</code> hook that runs formatter checks. (<a href="https://redirect.github.com/diffplug/spotless/pull/2553";>#2553</a>)</li> <li>Allow setting Eclipse XML config from a string, not only from files (<a href="https://redirect.github.com/diffplug/spotless/pull/2361";>#2361</a>)</li> </ul> <h2>Changed</h2> <ul> <li>Bump default <code>gson</code> version to latest <code>2.11.0</code> -> <code>2.13.1</code>. (<a href="https://redirect.github.com/diffplug/spotless/pull/2414";>#2414</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/diffplug/spotless/blob/main/CHANGES.md";>com.diffplug.spotless:spotless-maven-plugin's changelog</a>.</em></p> <blockquote> <h1>spotless-lib and spotless-lib-extra releases</h1> <p>If you are a Spotless user (as opposed to developer), then you are probably looking for:</p> <ul> <li><a href="https://github.com/diffplug/spotless/blob/main/plugin-gradle/CHANGES.md";>https://github.com/diffplug/spotless/blob/main/plugin-gradle/CHANGES.md</a></li> <li><a href="https://github.com/diffplug/spotless/blob/main/plugin-maven/CHANGES.md";>https://github.com/diffplug/spotless/blob/main/plugin-maven/CHANGES.md</a></li> </ul> <p>This document is intended for Spotless developers.</p> <p>We adhere to the <a href="https://keepachangelog.com/en/1.0.0/";>keepachangelog</a> format (starting after version <code>1.27.0</code>).</p> <h2>[Unreleased]</h2> <h3>Fixed</h3> <ul> <li>Support <code>ktfmt</code> 0.63 and use its new builder API for formatting options to better avoid future breaking changes.</li> </ul> <h3>Changes</h3> <ul> <li>Bump default <code>greclipse</code> version to latest <code>4.35</code> -> <code>4.39</code>. (<a href="https://redirect.github.com/diffplug/spotless/pull/2924";>#2924</a>)</li> </ul> <h2>[4.6.2] - 2026-05-27</h2> <h3>Fixed</h3> <ul> <li><code>P2Provisioner</code> now passes cache directory overrides directly to Solstice. (<a href="https://redirect.github.com/diffplug/spotless/pull/2944";>#2944</a>)</li> <li><code>forbidWildcardImports</code> and <code>forbidModuleImports</code> now detect imports that have leading whitespace (indentation/tabs). (<a href="https://redirect.github.com/diffplug/spotless/pull/2939";>#2939</a>)</li> <li><code>versionCatalog</code> step no longer splits long inline tables across multiple lines — Gradle's TOML 1.0 parser cannot read multi-line inline tables. The <code>maxLineLength</code> option has been removed. (<a href="https://redirect.github.com/diffplug/spotless/issues/2948";>#2948</a>)</li> </ul> <h3>Changes</h3> <ul> <li><code>EclipseJdtFormtterStep</code> now can conditionally set compiler source/compliance options. Allows for better parsing of AST Node for newer language features and more correct sorting; e.g. records or seal classes. (<a href="https://redirect.github.com/diffplug/spotless/pull/2942";>#2942</a>)</li> <li><code>Formatter</code> no longer recomputes line-ending normalization (<code>LineEnding.toUnix</code>) a second time for every formatter step that changes content, removing redundant O(n) work from the core formatting loop. (<a href="https://redirect.github.com/diffplug/spotless/pull/2934";>#2934</a>)</li> <li>expandWildcardImports support pom type dependency. (<a href="https://redirect.github.com/diffplug/spotless/issues/2839";>#2839</a>)</li> </ul> <h2>[4.6.1] - 2026-05-15</h2> <h3>Fixed</h3> <ul> <li><code>LicenseHeaderStep</code> in <code>SET_FROM_GIT</code> year mode no longer invokes <code>git log</code> through <code>bash -c</code> / <code>cmd /c</code>, eliminating a shell-injection vector when processing repositories that contain files whose names include shell metacharacters.</li> </ul> <h2>[4.6.0] - 2026-05-14</h2> <h3>Added</h3> <ul> <li><code>scalafmt()</code> now reads the version from the <code>version</code> field in the scalafmt config file when no version is explicitly set in the plugin config, falling back to the built-in default only if neither is available. (<a href="https://redirect.github.com/diffplug/spotless/pull/2922";>#2922</a>)</li> <li>Add <code>versionCatalog</code> step for formatting and sorting Gradle version catalog (<code>.toml</code>) files. (<a href="https://redirect.github.com/diffplug/spotless/issues/2916";>#2916</a>)</li> <li>Add <code>javaparserVersion</code> option to the Cleanthat step, allowing callers to override the JavaParser version pulled in transitively by Cleanthat. (<a href="https://redirect.github.com/diffplug/spotless/pull/2903";>#2903</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Preserve case of JDBI named bind params that collide with SQL keywords (e.g. <code>:limit</code>, <code>:offset</code>) in the DBeaver SQL formatter. (<a href="https://redirect.github.com/diffplug/spotless/pull/2899";>#2899</a>)</li> <li>Fix non-idempotent formatting when <code>importOrder()</code> is combined with <code>greclipse()</code>: a single catch-all group no longer strips blank lines that <code>greclipse()</code> independently inserted between import groups. (<a href="https://redirect.github.com/diffplug/spotless/pull/2914";>#2914</a>)</li> </ul> <h3>Changes</h3> <ul> <li>Fix <code>expandWildcardImports</code> failing on JDK XML types such as <code>org.xml.sax.InputSource</code>. (<a href="https://redirect.github.com/diffplug/spotless/pull/2921";>#2921</a>)</li> <li>Use Eclipse JDT's collator-based comparison when sorting Java members to better match Eclipse save actions. (<a href="https://redirect.github.com/diffplug/spotless/pull/2920";>#2920</a>)</li> <li>Bump default <code>cleanthat</code> version <code>2.24</code> -> <code>2.25</code>. (<a href="https://redirect.github.com/diffplug/spotless/pull/2903";>#2903</a>)</li> <li>Bump default <code>eclipse-jdt</code> version from <code>4.35</code> to <code>4.39</code>. (<a href="https://redirect.github.com/diffplug/spotless/pull/2912";>#2912</a>)</li> </ul> <h2>[4.5.0] - 2026-03-18</h2> <h3>Added</h3> <ul> <li>Add <code>tableTest</code> format type for standalone <code>.table</code> files. (<a href="https://redirect.github.com/diffplug/spotless/pull/2880";>#2880</a>)</li> </ul> <h3>Changes</h3> <ul> <li>Bump default <code>tabletest-formatter</code> version <code>1.0.1</code> -> <code>1.1.1</code>, now works with Java 17+. (<a href="https://redirect.github.com/diffplug/spotless/pull/2880";>#2880</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/diffplug/spotless/commit/71a433c5cd5e8a4983c6600a10032ce3415700ba";><code>71a433c</code></a> Published maven/3.6.0</li> <li><a href="https://github.com/diffplug/spotless/commit/3a0f1017dcdfd49042a638119c1b6d998b28c67f";><code>3a0f101</code></a> Published gradle/8.6.0</li> <li><a href="https://github.com/diffplug/spotless/commit/007e9d858177c93a3c7b6f9d1eb068937022613f";><code>007e9d8</code></a> Published lib/4.6.2</li> <li><a href="https://github.com/diffplug/spotless/commit/a074d53565e0f523c3bba7f5135ba0d8f959f98b";><code>a074d53</code></a> Allow setting the local P2 cache dir in the Spotless Gradle plugin (<a href="https://redirect.github.com/diffplug/spotless/issues/2944";>#2944</a>)</li> <li><a href="https://github.com/diffplug/spotless/commit/a266fc2b97098aed703300ecfb00a7fc6ab57467";><code>a266fc2</code></a> Merge branch 'main' into add-cache-directory-dsl</li> <li><a href="https://github.com/diffplug/spotless/commit/e0d466e5c157d41208ba84f3b0c767a4ad3d4330";><code>e0d466e</code></a> Fix: sort members treats record declarations as types (<a href="https://redirect.github.com/diffplug/spotless/issues/2942";>#2942</a>)</li> <li><a href="https://github.com/diffplug/spotless/commit/3936b6f2f9290bfe946a890c1efc791eb969c7db";><code>3936b6f</code></a> Merge branch 'main' into main</li> <li><a href="https://github.com/diffplug/spotless/commit/278765fcbbdc91d9bbcd3bff41005a350746792c";><code>278765f</code></a> fix: expandWildcardImports support pom type dependency, fix <a href="https://redirect.github.com/diffplug/spotless/issues/2839";>#2839</a> (<a href="https://redirect.github.com/diffplug/spotless/issues/2935";>#2935</a>)</li> <li><a href="https://github.com/diffplug/spotless/commit/a18ddec9bd578c77177c9478207892d63f942826";><code>a18ddec</code></a> Remove maxLineLength from versionCatalog step (<a href="https://redirect.github.com/diffplug/spotless/issues/2949";>#2949</a>)</li> <li><a href="https://github.com/diffplug/spotless/commit/b91ad871a69bb7c3722120c81f9dae3e1ee11836";><code>b91ad87</code></a> Add changelog entries for versionCatalog maxLineLength removal</li> <li>Additional commits viewable in <a href="https://github.com/diffplug/spotless/compare/lib/2.43.0...maven/3.6.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
