dependabot[bot] opened a new pull request, #563: URL: https://github.com/apache/maven-parent/pull/563
Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) from 3.4.0 to 3.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/diffplug/spotless/releases";>com.diffplug.spotless:spotless-maven-plugin's releases</a>.</em></p> <blockquote> <h2>Maven Plugin v3.6.0</h2> <h3>Added</h3> <ul> <li>Add <code><cacheDirectory></code> to <code><eclipse></code>, <code><greclipse></code>, and <code><eclipseCdt></code> for the Equo/Solstice P2 cache. (<a href="https://redirect.github.com/diffplug/spotless/pull/2944";>#2944</a>)</li> <li><code>EclipseJdtFormtterStep</code> now can conditionally set compiler source/compliance options. Allows for better parsing of AST Node for newer language features and more correct sorting; e.g. records or seal classes. (<a href="https://redirect.github.com/diffplug/spotless/pull/2942";>#2942</a>)</li> </ul> <h3>Fixed</h3> <ul> <li><code><versionCatalog></code> no longer splits long inline tables across multiple lines — Gradle's TOML 1.0 parser cannot read multi-line inline tables. The <code>maxLineLength</code> option has been removed. (<a href="https://redirect.github.com/diffplug/spotless/issues/2948";>#2948</a>)</li> <li><code>spotless:apply</code> no longer aborts on the first file with lints; it now formats all files and reports a single aggregated lint failure across every file, matching the Gradle plugin's behavior. (<a href="https://redirect.github.com/diffplug/spotless/pull/2937";>#2937</a>)</li> <li><code><greclipse></code> and <code><eclipseCdt></code> now default P2 data to the Maven local repository. (<a href="https://redirect.github.com/diffplug/spotless/pull/2944";>#2944</a>)</li> <li><code>forbidWildcardImports</code> and <code>forbidModuleImports</code> now detect imports that have leading whitespace (indentation/tabs). (<a href="https://redirect.github.com/diffplug/spotless/pull/2939";>#2939</a>)</li> </ul> <h3>Changes</h3> <ul> <li>Improved formatting performance by eliminating redundant per-step line-ending normalization in the core formatter loop. (<a href="https://redirect.github.com/diffplug/spotless/pull/2934";>#2934</a>)</li> </ul> <h2>Maven Plugin v3.5.1</h2> <h3>Fixed</h3> <ul> <li><code><licenseHeader></code> with <code><yearMode>SET_FROM_GIT</yearMode></code> no longer runs <code>git log</code> through a shell, eliminating a shell-injection vector when formatting files whose names contain shell metacharacters.</li> <li>Bump transitive <code>plexus-utils</code> <code>4.0.2</code> -> <code>4.0.3</code> to address <a href="https://github.com/advisories/GHSA-6fmv-xxpf-w3cw";>CVE-2025-67030</a>. (<a href="https://redirect.github.com/diffplug/spotless/issues/2919";>#2919</a>)</li> </ul> <h2>Maven Plugin v3.5.0</h2> <h3>Added</h3> <ul> <li><code><scalafmt></code> now reads the version from the <code>version</code> field in the scalafmt config file when no <code><version></code> is explicitly set, falling back to the built-in default only if neither is available. (<a href="https://redirect.github.com/diffplug/spotless/pull/2922";>#2922</a>)</li> <li>Add <code><toml></code> format type with <code><versionCatalog></code> step for formatting and sorting Gradle version catalog files. (<a href="https://redirect.github.com/diffplug/spotless/issues/2916";>#2916</a>)</li> <li>Add <code><javaparserVersion></code> option to <code><cleanthat></code>, allowing users to override the JavaParser version pulled in transitively by Cleanthat. (<a href="https://redirect.github.com/diffplug/spotless/pull/2903";>#2903</a>)</li> <li>Add a <code>expandWildcardImports</code> API for java (<a href="https://redirect.github.com/diffplug/spotless/pull/2930";>#2829</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Preserve case of JDBI named bind params that collide with SQL keywords (e.g. <code>:limit</code>, <code>:offset</code>) in the DBeaver SQL formatter. (<a href="https://redirect.github.com/diffplug/spotless/pull/2899";>#2899</a>)</li> <li>The <code>-Dspotless.ratchetFrom=...</code> user property now takes priority over <code><ratchetFrom></code> configured in the plugin or in individual formatters, instead of being overridden by them. (<a href="https://redirect.github.com/diffplug/spotless/pull/2896";>#2896</a>, fixes <a href="https://redirect.github.com/diffplug/spotless/issues/2842";>#2842</a>)</li> <li>Fix non-idempotent formatting when <code>importOrder()</code> is combined with <code>greclipse()</code>: a single catch-all group no longer strips blank lines that <code>greclipse()</code> independently inserted between import groups. (<a href="https://redirect.github.com/diffplug/spotless/pull/2914";>#2914</a>)</li> </ul> <h3>Changes</h3> <ul> <li>Fix <code>expandWildcardImports</code> failing on JDK XML types such as <code>org.xml.sax.InputSource</code>. (<a href="https://redirect.github.com/diffplug/spotless/pull/2921";>#2921</a>)</li> <li>Use Eclipse JDT's collator-based comparison when sorting Java members to better match Eclipse save actions. (<a href="https://redirect.github.com/diffplug/spotless/pull/2920";>#2920</a>)</li> <li>Bump default <code>cleanthat</code> version <code>2.24</code> -> <code>2.25</code>. (<a href="https://redirect.github.com/diffplug/spotless/pull/2903";>#2903</a>)</li> <li>Bump default <code>eclipse-jdt</code> version from <code>4.35</code> to <code>4.39</code>. (<a href="https://redirect.github.com/diffplug/spotless/pull/2912";>#2912</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/diffplug/spotless/commit/71a433c5cd5e8a4983c6600a10032ce3415700ba";><code>71a433c</code></a> Published maven/3.6.0</li> <li><a href="https://github.com/diffplug/spotless/commit/3a0f1017dcdfd49042a638119c1b6d998b28c67f";><code>3a0f101</code></a> Published gradle/8.6.0</li> <li><a href="https://github.com/diffplug/spotless/commit/007e9d858177c93a3c7b6f9d1eb068937022613f";><code>007e9d8</code></a> Published lib/4.6.2</li> <li><a href="https://github.com/diffplug/spotless/commit/a074d53565e0f523c3bba7f5135ba0d8f959f98b";><code>a074d53</code></a> Allow setting the local P2 cache dir in the Spotless Gradle plugin (<a href="https://redirect.github.com/diffplug/spotless/issues/2944";>#2944</a>)</li> <li><a href="https://github.com/diffplug/spotless/commit/a266fc2b97098aed703300ecfb00a7fc6ab57467";><code>a266fc2</code></a> Merge branch 'main' into add-cache-directory-dsl</li> <li><a href="https://github.com/diffplug/spotless/commit/e0d466e5c157d41208ba84f3b0c767a4ad3d4330";><code>e0d466e</code></a> Fix: sort members treats record declarations as types (<a href="https://redirect.github.com/diffplug/spotless/issues/2942";>#2942</a>)</li> <li><a href="https://github.com/diffplug/spotless/commit/3936b6f2f9290bfe946a890c1efc791eb969c7db";><code>3936b6f</code></a> Merge branch 'main' into main</li> <li><a href="https://github.com/diffplug/spotless/commit/278765fcbbdc91d9bbcd3bff41005a350746792c";><code>278765f</code></a> fix: expandWildcardImports support pom type dependency, fix <a href="https://redirect.github.com/diffplug/spotless/issues/2839";>#2839</a> (<a href="https://redirect.github.com/diffplug/spotless/issues/2935";>#2935</a>)</li> <li><a href="https://github.com/diffplug/spotless/commit/a18ddec9bd578c77177c9478207892d63f942826";><code>a18ddec</code></a> Remove maxLineLength from versionCatalog step (<a href="https://redirect.github.com/diffplug/spotless/issues/2949";>#2949</a>)</li> <li><a href="https://github.com/diffplug/spotless/commit/b91ad871a69bb7c3722120c81f9dae3e1ee11836";><code>b91ad87</code></a> Add changelog entries for versionCatalog maxLineLength removal</li> <li>Additional commits viewable in <a href="https://github.com/diffplug/spotless/compare/maven/3.4.0...maven/3.6.0";>compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | com.diffplug.spotless:spotless-maven-plugin | [>= 2.33.a, < 2.34] | </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
