Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.23 to 1.24 by dependabot[bot] · Pull Request #155 · apache/maven-pmd-plugin (original) (raw)

Bumps org.codehaus.mojo:animal-sniffer-maven-plugin from 1.23 to 1.24.

Release notes

Sourced from org.codehaus.mojo:animal-sniffer-maven-plugin's releases.

1.24

🚀 New features and improvements

• Restrict allowed classes during deserialization of signature files (#253) @​Marcono1234

📦 Dependency updates

• Drop dependency to plexus-container (#285) @​slachiewicz
• Bump org.codehaus.mojo:mojo-parent from 78 to 84 (#284) @​dependabot
• Bump org.apache.maven.enforcer:enforcer-api from 3.4.1 to 3.5.0 (#281) @​dependabot
• Bump org.apache.maven.plugins:maven-shade-plugin from 3.5.3 to 3.6.0 (#282) @​dependabot
• Bump org.apache.maven.shared:maven-common-artifact-filters from 3.3.2 to 3.4.0 (#283) @​dependabot
• Bump org.apache.maven.plugins:maven-shade-plugin from 3.5.1 to 3.5.3 (#279) @​dependabot
• Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 (#278) @​dependabot
• Bump org.ow2.asm:asm from 9.6 to 9.7 (#277) @​dependabot
• Bump apache/maven-gh-actions-shared from 3 to 4 (#276) @​dependabot
• Bump release-drafter/release-drafter from 5.25.0 to 6.0.0 (#272) @​dependabot
• Bump org.codehaus.mojo:mojo-parent from 77 to 78 (#271) @​dependabot
• Bump org.apache.maven.enforcer:enforcer-api from 3.2.1 to 3.4.1 (#261) @​dependabot
• Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 (#266) @​dependabot
• Bump org.codehaus.mojo:mojo-parent from 74 to 77 (#264) @​dependabot
• Require Maven 3.6.3+ (#265) @​slachiewicz
• Bump org.ow2.asm:asm from 9.5 to 9.6 (#263) @​dependabot
• Bump org.apache.maven.plugins:maven-shade-plugin from 3.5.0 to 3.5.1 (#262) @​dependabot
• Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0 (#254) @​dependabot
• Bump org.apache.ant:ant from 1.10.13 to 1.10.14 (#255) @​dependabot
• Bump maven-shade-plugin from 3.4.1 to 3.5.0 (#250) @​dependabot
• Bump plexus-utils from 3.5.1 to 4.0.0 (#247) @​dependabot
• Bump build-helper-maven-plugin from 3.3.0 to 3.4.0 (#246) @​dependabot
• Bump asm from 9.4 to 9.5 (#243) @​dependabot

👻 Maintenance

• Hashpin sensitive workflow at release-drafter.yml (#270) @​diogoteles08
• Docs: create Security Policy (#260) @​diogoteles08
• Bump build-helper-maven-plugin from 3.3.0 to 3.4.0 (#246) @​dependabot

🔧 Build

• ci: add minimal permissions on github workflows (#258) @​diogoteles08

Commits

• 585a296 [maven-release-plugin] prepare release animal-sniffer-1.24
• 2fd61f1 Drop dependency to plexus-container
• 5a1d0e4 (CI) check Java 21 and latest Maven 3.9.8
• 651abd2 Reformat code
• ff9e569 Bump org.codehaus.mojo:mojo-parent from 78 to 84
• 466443d Bump org.apache.maven.enforcer:enforcer-api from 3.4.1 to 3.5.0
• 403b142 Bump org.apache.maven.plugins:maven-shade-plugin from 3.5.3 to 3.6.0
• e2c0d80 Bump org.apache.maven.shared:maven-common-artifact-filters
• 95fe4f5 (doc) drop Temurin from CI
• f237a81 Bump org.apache.maven.plugins:maven-shade-plugin from 3.5.1 to 3.5.3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)