Bump plexus-archiver from 4.2.5 to 4.2.6 by dependabot[bot] · Pull Request #60 · mojohaus/mrm (original) (raw)

Bumps plexus-archiver from 4.2.5 to 4.2.6.

Release notes

Sourced from plexus-archiver's releases.

Plexus Archiver 4.2.6

This release updates commons-compress to 1.21 which contains security fixed for CVE-2021-35517 CVE-2021-35516 CVE-2021-35515 CVE-2021-36090

🚀 New features and improvements

• FileInputStream, FileOutputStream, FileReader and FileWriter are no longer used (#183) @​jorsol
• Code cleanup (#172) @​olamy

📦 Dependency updates

• Bump plexus from 7 to 8 (#179) @​dependabot
• Bump plexus-utils from 3.3.0 to 3.4.1 (#181) @​dependabot
• Bump commons-compress from 1.20 to 1.21 (#177) @​dependabot

Commits

• 539719e [maven-release-plugin] prepare release plexus-archiver-4.2.6
• b045a27 ci: Add JDK 17 (Final) and JDK 18-ea to build matrix
• 0177bc3 Bump plexus from 7 to 8 (#179)
• 6aae540 Bump plexus-utils from 3.3.0 to 3.4.1 (#181)
• 37d604b Avoid FileInputStream, FileOutputStream, FileReader and FileWriter (#183)
• 06e3a95 Update maven.yml
• bd64c12 Delete .travis.yml
• cf0f9c6 Bump commons-compress from 1.20 to 1.21
• 768bf7a update search.maven.org url
• bc66255 Bump actions/checkout from 2 to 2.3.4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)