dependabot[bot] opened a new pull request, #16552: URL: https://github.com/apache/iceberg/pull/16552
Bumps [com.diffplug.spotless:spotless-plugin-gradle](https://github.com/diffplug/spotless) from 8.4.0 to 8.5.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/diffplug/spotless/releases";>com.diffplug.spotless:spotless-plugin-gradle's releases</a>.</em></p> <blockquote> <h2>Gradle Plugin v8.5.1</h2> <h3>Fixed</h3> <ul> <li><code>licenseHeader</code> with <code>setLicenseHeaderYearsFromGitHistory()</code> no longer runs <code>git log</code> through a shell, eliminating a shell-injection vector when formatting files whose names contain shell metacharacters.</li> </ul> <h2>Gradle Plugin v8.5.0</h2> <h3>Added</h3> <ul> <li><code>scalafmt()</code> now reads the version from the <code>version</code> field in the scalafmt config file when no version is explicitly set in the plugin config, falling back to the built-in default only if neither is available. (<a href="https://redirect.github.com/diffplug/spotless/pull/2922";>#2922</a>)</li> <li>Add <code>toml</code> format type with <code>versionCatalog()</code> step for formatting and sorting Gradle version catalog files. (<a href="https://redirect.github.com/diffplug/spotless/issues/2916";>#2916</a>)</li> <li>Add <code>withIndentStyle</code> and <code>withIndentSize</code> configuration to <code>tableTestFormatter</code> for setting the fallback indent when no <code>.editorconfig</code> is found. (<a href="https://redirect.github.com/diffplug/spotless/pull/2893";>#2893</a>)</li> <li>Add <code>javaparserVersion(...)</code> to <code>cleanthat</code>, allowing users to override the JavaParser version pulled in transitively by Cleanthat. (<a href="https://redirect.github.com/diffplug/spotless/pull/2903";>#2903</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Fix <code>tableTestFormatter</code> editorconfig cache not honoring <code>.editorconfig</code> changes across Gradle daemon runs due to a shared static <code>EditorConfigProvider</code>. (<a href="https://redirect.github.com/diffplug/spotless/pull/2893";>#2893</a>)</li> <li>Preserve case of JDBI named bind params that collide with SQL keywords (e.g. <code>:limit</code>, <code>:offset</code>) in the DBeaver SQL formatter. (<a href="https://redirect.github.com/diffplug/spotless/pull/2899";>#2899</a>)</li> <li>Fix non-idempotent formatting when <code>importOrder()</code> is combined with <code>greclipse()</code>: a single catch-all group no longer strips blank lines that <code>greclipse()</code> independently inserted between import groups. (<a href="https://redirect.github.com/diffplug/spotless/pull/2914";>#2914</a>)</li> <li>Fix <code>predeclareDepsFromBuildscript()</code> on Gradle 9 by avoiding mutation of the root buildscript configuration container. (<a href="https://redirect.github.com/diffplug/spotless/pull/2929";>#2929</a>, fixes <a href="https://redirect.github.com/diffplug/spotless/issues/2599";>#2599</a>)</li> </ul> <h3>Changes</h3> <ul> <li>Fix <code>expandWildcardImports</code> failing on JDK XML types such as <code>org.xml.sax.InputSource</code>. (<a href="https://redirect.github.com/diffplug/spotless/pull/2921";>#2921</a>)</li> <li>Use Eclipse JDT's collator-based comparison when sorting Java members to better match Eclipse save actions. (<a href="https://redirect.github.com/diffplug/spotless/pull/2920";>#2920</a>)</li> <li>Bump default <code>cleanthat</code> version <code>2.24</code> -> <code>2.25</code>. (<a href="https://redirect.github.com/diffplug/spotless/pull/2903";>#2903</a>)</li> <li>Bump default <code>eclipse-jdt</code> version from <code>4.35</code> to <code>4.39</code>. (<a href="https://redirect.github.com/diffplug/spotless/pull/2912";>#2912</a>)</li> <li>Make <code>spotlessPredeclare</code> visible to Gradle Kotlin DSL type-safe accessors. (<a href="https://redirect.github.com/diffplug/spotless/pull/2925";>#2925</a>)</li> <li>Allow <code>spotlessPredeclare</code> to be used directly without enabling it first in spotless extension. (<a href="https://redirect.github.com/diffplug/spotless/pull/2925";>#2925</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/diffplug/spotless/commit/c1595c815d5fdd344505792aa4df588f467f0ca9";><code>c1595c8</code></a> Published gradle/8.5.1</li> <li><a href="https://github.com/diffplug/spotless/commit/b26b570f7eba32554061b036206f675180cd2384";><code>b26b570</code></a> Published lib/4.6.1</li> <li><a href="https://github.com/diffplug/spotless/commit/ac3f6f14a2e007c2d36223335df96a2c9ba92719";><code>ac3f6f1</code></a> Bump plexus-utils to 4.0.3 to address CVE-2025-67030 (<a href="https://redirect.github.com/diffplug/spotless/issues/2932";>#2932</a>)</li> <li><a href="https://github.com/diffplug/spotless/commit/f5039f633d436a8831d09a934a3490d68968d684";><code>f5039f6</code></a> Bump plexus-utils to 4.0.3 to address CVE-2025-67030</li> <li><a href="https://github.com/diffplug/spotless/commit/0e77837d4789cb43b83c21d566fe4185adc4ae2b";><code>0e77837</code></a> Fix shell-injection in LicenseHeaderStep SET_FROM_GIT mode (<a href="https://redirect.github.com/diffplug/spotless/issues/2931";>#2931</a>)</li> <li><a href="https://github.com/diffplug/spotless/commit/84f642329de804615ff16f34d12a2249f1890850";><code>84f6423</code></a> Fix shell-injection in LicenseHeaderStep SET_FROM_GIT mode</li> <li><a href="https://github.com/diffplug/spotless/commit/b87eb75efe54e94a7248ff5e2d07231bcc3a1b55";><code>b87eb75</code></a> Published maven/3.5.0</li> <li><a href="https://github.com/diffplug/spotless/commit/97c3baf34b79d0028a343776bb2c2fb223930355";><code>97c3baf</code></a> Published gradle/8.5.0</li> <li><a href="https://github.com/diffplug/spotless/commit/3dd1a9690270e7191f2c7db8314a9079b127ee76";><code>3dd1a96</code></a> Published lib/4.6.0</li> <li><a href="https://github.com/diffplug/spotless/commit/05d89540ea573eae5c937ca1e9b015b78df83d9f";><code>05d8954</code></a> Feature maven expand wildcard import (<a href="https://redirect.github.com/diffplug/spotless/issues/2930";>#2930</a> fixes <a href="https://redirect.github.com/diffplug/spotless/issues/2829";>#2829</a>)</li> <li>Additional commits viewable in <a href="https://github.com/diffplug/spotless/compare/gradle/8.4.0...gradle/8.5.1";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
