chore(deps): bump the all-deps group across 1 directory with 10 updates

[dependabot]

Bumps the all-deps group with 10 updates in the / directory:

Package	From	To
com.fasterxml.jackson.core:jackson-databind	2.20.1	2.21.0
com.fasterxml.jackson.core:jackson-core	2.20.1	2.21.0
com.fasterxml.jackson.dataformat:jackson-dataformat-xml	2.20.1	2.21.0
jakarta.xml.bind:jakarta.xml.bind-api	4.0.4	4.0.5
ch.qos.logback:logback-classic	1.5.21	1.5.29
org.apache.maven.plugins:maven-resources-plugin	3.3.1	3.4.0
org.apache.maven.plugins:maven-compiler-plugin	3.14.1	3.15.0
org.apache.maven.plugins:maven-source-plugin	3.3.1	3.4.0
com.diffplug.spotless:spotless-maven-plugin	3.1.0	3.2.1
org.sonatype.central:central-publishing-maven-plugin	0.9.0	0.10.0

Updates com.fasterxml.jackson.core:jackson-databind from 2.20.1 to 2.21.0

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.20.1 to 2.21.0

Commits

• 80fb536 [maven-release-plugin] prepare release jackson-core-2.21.0
• 9097789 Prep for 2.21.0 release
• d678c69 Javadoc fix for StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION (defaults to `...
• 67912b2 Minor improvement to UTF32Reader.read() bounds-checks
• ecf5de2 ...
• dbb1765 Merge branch '2.20' into 2.x
• 66a9467 Merge branch '2.19' into 2.20
• b46c0bd Merge branch '2.18' into 2.19
• fae2542 release notes update
• 70c99ba Update UTF8DataInputJsonParser.java (#1512)
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-xml from 2.20.1 to 2.21.0

Commits

• 66c8c0d [maven-release-plugin] prepare release jackson-dataformat-xml-2.21.0
• 76d5526 Prep for 2.21.0 release
• 89d8704 Merge branch '2.20' into 2.x
• e02a2f5 Post-release dep version bump
• 27923c5 [maven-release-plugin] prepare for next development iteration
• bc9cd88 Update release notes wrt #114
• fdbd1e9 Fixes #114 in 2.x: support STRICT_DUPLICATE_DETECTION (#783)
• 30ccb47 Addition to #736 test
• e003de0 Create XmlClassDeser735Test.java (#776)
• c33e1e5 Bump codecov/codecov-action from 5.5.0 to 5.5.1 (#774)
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.20.1 to 2.21.0

Commits

• 80fb536 [maven-release-plugin] prepare release jackson-core-2.21.0
• 9097789 Prep for 2.21.0 release
• d678c69 Javadoc fix for StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION (defaults to `...
• 67912b2 Minor improvement to UTF32Reader.read() bounds-checks
• ecf5de2 ...
• dbb1765 Merge branch '2.20' into 2.x
• 66a9467 Merge branch '2.19' into 2.20
• b46c0bd Merge branch '2.18' into 2.19
• fae2542 release notes update
• 70c99ba Update UTF8DataInputJsonParser.java (#1512)
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-xml from 2.20.1 to 2.21.0

Commits

• 66c8c0d [maven-release-plugin] prepare release jackson-dataformat-xml-2.21.0
• 76d5526 Prep for 2.21.0 release
• 89d8704 Merge branch '2.20' into 2.x
• e02a2f5 Post-release dep version bump
• 27923c5 [maven-release-plugin] prepare for next development iteration
• bc9cd88 Update release notes wrt #114
• fdbd1e9 Fixes #114 in 2.x: support STRICT_DUPLICATE_DETECTION (#783)
• 30ccb47 Addition to #736 test
• e003de0 Create XmlClassDeser735Test.java (#776)
• c33e1e5 Bump codecov/codecov-action from 5.5.0 to 5.5.1 (#774)
• Additional commits viewable in compare view

Updates jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5

Release notes

Sourced from jakarta.xml.bind:jakarta.xml.bind-api's releases.

Jakarta XML Binding API 4.0.5

What's Changed

• 4.0.4 release by @​lukasj in jakartaee/jaxb-api#324
• #325 restore permissive base64 decoding by @​laurentschoelens in jakartaee/jaxb-api#326
• #330 fixes documentation by @​laurentschoelens in jakartaee/jaxb-api#331
• add dependabot by @​lukasj in jakartaee/jaxb-api#332
• move dependabot config to the right location by @​lukasj in jakartaee/jaxb-api#333
• Bump the actions-dependencies group with 2 updates by @​dependabot[bot] in jakartaee/jaxb-api#334
• Bump the dependencies group across 1 directory with 2 updates by @​dependabot[bot] in jakartaee/jaxb-api#336
• Bump the maven-plugins group across 2 directories with 15 updates by @​dependabot[bot] in jakartaee/jaxb-api#335

Full Changelog: jakartaee/jaxb-api@4.0.4...4.0.5

Commits

• 33af600 Update API version of : to 4.0.5
• e8bc066 Bump the maven-plugins group across 2 directories with 15 updates
• 5884465 Bump the dependencies group across 1 directory with 2 updates
• a12f7b7 Bump the actions-dependencies group with 2 updates
• 1375104 move dependabot config to the right location
• 7680773 add dependabot
• cd71d76 #330 fixes documentation
• 4d531bd #325 restore permissive base64 decoding
• 31505d0 Merge pull request #324 from jakartaee/4.0.4-RELEASE
• c3f3109 Update API version of : to 4.0.5-SNAPSHOT
• See full diff in compare view

Updates ch.qos.logback:logback-classic from 1.5.21 to 1.5.29

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.28

2026-02-06 Release of logback version 1.5.28

• Appender names or appender references are no longer subject to variable substitution.

• Fixed issue with configurations with conditionals encompassing appenders. This was reported in issues/1016 reported by Sergey Sazonov.

• The element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the element.

• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in issues/1014.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.27

2026-01-30 Release of logback version 1.5.27

• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.

• Fixed missing MDC data transmitted by SocketAppender reported in issues/1010 by Lars Vogel.

• Removed all Receiver classes and components which were already disabled for several years.

• Refactored file scanning code for improved clarity.

• In SizeAndTimeBasedRollingPolicy modified totalSizeCap and maxFileSize comparison to taking into account file compression. This fixes issues/1007.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.26

2026-01-25 Release of logback version 1.5.26

• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in issues/1003 by Marius Hanl who also provided the relevant PR.

• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in issues/1002 by Christoph Gritschenberger.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.25

2026-01-17 Release of logback version 1.5.25

• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as CVE-2026-1225.

• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in issues/997.

• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.

• Added EpochConverter to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in issues/1000 who also provided the relevant implementation PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

... (truncated)

Commits

• 5db1146 prepare release 1.5.29
• c94a5fe minor changes
• 2bc697f revert commit 4f560a0331b, once again, appender names of references are subje...
• 4192131 start work on 1.5.29-SNAPSHOT
• e7a1855 prepare release 1.5.28
• e8dee44 cosmetic changes only
• ded504c minor refactoring
• 8af5459 fix NPE as reported in issues/1014
• 4f560a0 appender names of references not subject to substitution
• eab8e1d remove spurious Sytem.out, add javadoc
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-resources-plugin from 3.3.1 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-resources-plugin's releases.

3.4.0

🚀 New features and improvements

• Enable GitHub Issues (#98) @​slawekjaranowski

📝 Documentation updates

• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#89) @​Bukama
• [MRESOURCES-299] - Be more accurate on using filtering element (#80) @​pzygielo
• Don't bother with very old versions (#59) @​elharo

👻 Maintenance

• Migrate site to Doxia 2 (#440) @​slachiewicz
• Bump Maven to 3.9.11 while keep prerequisites on 3.6.3 (#437) @​slachiewicz
• PlexusFileUtils Refaster recipes (#431) @​slachiewicz
• Add PR Automation action (#94) @​slawekjaranowski
• Improve release-drafter configuration (#93) @​slawekjaranowski
• Bump org.apache.maven.plugins:maven-plugins from 39 to 41 (#64) @dependabot[bot]
• Add dependency to slf4j-simple for test scope (#60) @​slachiewicz
• Use try with resources in integration test (#58) @​elharo
• reduce dependency scope of plexus-utils and commons-io (#57) @​elharo

📦 Dependency updates

• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#439) @dependabot[bot]
• Bump org.apache.maven.resolver:maven-resolver-api from 1.6.3 to 1.9.24 (#413) @dependabot[bot]
• Bump Maven to 3.9.11 while keep prerequisites on 3.6.3 (#437) @​slachiewicz
• Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#432) @dependabot[bot]
• Bump m-invoker-p to 3.9.1 (#433) @​slachiewicz
• Bump org.apache.maven.plugins:maven-plugins from 43 to 45 (#411) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 (#114) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#430) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (#422) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#419) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#416) @dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#117) @dependabot[bot]
• Bump org.apache.maven.shared:maven-filtering from 3.3.2 to 3.4.0 (#107) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.0 to 2.18.0 (#102) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0 (#104) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 41 to 43 (#101) @dependabot[bot]
• [MRESOURCES-305] - Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 4.0.0 (#65) @dependabot[bot]
• [MRESOURCES-304] - Bump org.codehaus.plexus:plexus-interpolation from 1.26 to 1.27 (#66) @dependabot[bot]
• [MRESOURCES-303] - Bump org.apache.maven.shared:maven-filtering from 3.3.1 to 3.3.2 (#68) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.14.0 (#62) @dependabot[bot]
• [MRESOURCES-302] - Bump commons-io:commons-io from 2.11.0 to 2.16.0 (#69) @dependabot[bot]
• Bump apache/maven-gh-actions-shared from 3 to 4 (#67) @dependabot[bot]

Commits

• b07d56e [maven-release-plugin] prepare for next development iteration
• 21e646c [maven-release-plugin] prepare release maven-resources-plugin-3.4.0
• 61801af Migrate site to Doxia 2
• 146ebb8 Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#439)
• 5013682 Bump org.apache.maven.resolver:maven-resolver-api from 1.6.3 to 1.9.24
• d7c4d28 Bump Maven to 3.9.11 while keep prerequisites on 3.6.3
• e33f1ec Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29
• ce77f50 Bump m-invoker-p to 3.9.1
• 726f429 Bump org.apache.maven.plugins:maven-plugins from 43 to 45
• a747bae PlexusFileUtils Refaster recipes
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

• Fix Java 25 compatibility during integration tests (#1020) @​desruisseaux
• [MCOMPILER-540] - useIncrementalCompilation=false may add generated sources to the sources list (#192) @​mensinda

👻 Maintenance

• Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1015) @​slachiewicz
• Remove declaration of "plexus-snapshots" repository (#1010) @​desruisseaux
• Works only with Maven 4.0.0 rc4 (#996) @​slachiewicz
• Enable Java 25 and Maven 4 in CI (#975) @​slachiewicz

📦 Dependency updates

• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#1016) @dependabot[bot]
• Bump plexusCompilerVersion from 2.16.1 to 2.16.2 (#1021) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1019) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#1008) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#1005) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#1007) @dependabot[bot]
• Bump maven-plugin-testing-harness to 3.4.0 (#1001) @​slawekjaranowski
• Bump plexusCompilerVersion from 2.16.0 to 2.16.1 (#999) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#993) @dependabot[bot]
• Bump plexusCompilerVersion from 2.15.0 to 2.16.0 (#992) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.8 to 9.9 (#981) @dependabot[bot]

Commits

• 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
• 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
• 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
• 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
• 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
• aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
• 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
• 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
• 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-source-plugin's releases.

3.4.0

🐛 Bug Fixes

• [MSOURCES-140] - fail only if re-attach different files (#24) @​hboutemy

👻 Maintenance

• Bump m-invoker-p to 3.9.1 (#251) @​slachiewicz
• Allow to manually execute release drafter (#58) @​slawekjaranowski
• GH Issues (Maven 3 branch) (#57) @​Bukama
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#49) @​Bukama

📦 Dependency updates

• Use plexus-utils version from parent (#252) @​slachiewicz
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#247) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#248) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5 (#241) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#242) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#246) @dependabot[bot]
• Bump mavenVersion from 3.2.5 to 3.9.11 (#221) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#233) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.3 to 3.6.4 (#229) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 41 to 45 (#218) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 (#226) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#222) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.1 to 2.19.0 (#68) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#63) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.3 (#66) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#27) @dependabot[bot]
• [MSOURCES-147] - Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 (#23) @dependabot[bot]
• [MSOURCES-146] - Bump commons-io:commons-io from 2.11.0 to 2.16.0 (#25) @dependabot[bot]
• [MSOURCES-145] - Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 (#26) @dependabot[bot]

Commits

• ecf937a [maven-release-plugin] prepare release maven-source-plugin-3.4.0
• 95b3bf4 Revert "[maven-release-plugin] prepare for next development iteration"
• 7a9a770 [maven-release-plugin] prepare for next development iteration
• 292c1ce Use plexus-utils version from parent
• bf79b71 Bump m-invoker-p to 3.9.1
• 4f3fcb9 Bump commons-io:commons-io from 2.20.0 to 2.21.0
• a867442 Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
• 51c66ac Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5
• 267df46 Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3
• ef85324 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.1.0 to 3.2.1

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.2.1

Fixed

• removeSemicolons() should not be applied to multiline strings in groovy #2780 (#2792)

Lib v3.2.0

Added

• Support for idea (#2020, #2535)
• Add support for removing wildcard imports via removeWildcardImports step. (#2517)
• scalafmt: enforce version consistency between the version configured in Spotless and the version declared in Scalafmt config file (#2460)

Fixed

• SortPom disable expandEmptyElements, to avoid empty body warnings. (#2520)
• Fix biome formatter for new major release 2.x of biome (#2537)
• Make sure npm-based formatters use the correct node_modules directory when running in parallel. (#2542)

Changed

• Bump internal dependencies for npm-based formatters (#2542)

Maven Plugin v3.2.0

Added

• Add the ability to specify a wildcard version (*) for external formatter executables. (#2757)

Changes

• Dramatic (~100x) performance improvement when using git ratchetFrom. (#2805)

Fixed

• [fix] NPE due to workingTreeIterator being null for git ignored files. #911 (#2771)
• Prevent race conditions when multiple npm-based formatters launch the server process simultaneously while sharing the same node_modules directory. (#2786)

Changes

• Bump default ktfmt version to latest 0.59 -> 0.61. (2804)
• Bump default ktlint version to latest 1.7.1 -> 1.8.0. (2763)
• Bump default gherkin-utils version to latest 9.2.0 -> 10.0.0. (#2619)

Lib v3.1.2

Fixed

• Fix UnsupportedOperationException in the Gradle plugin when using targetExcludeContent[Pattern] (#2487)
• pgp key had expired, this and future releases will be signed by new key (details)

Changed

• Bump default eclipse version to latest 4.34 -> 4.35. (#2458)
• Bump default greclipse version to latest 4.32 -> 4.35. (#2458)

Lib v3.1.1

Changed

• Use palantir-java-format 2.57.0 on Java 21. (#2447)
• Re-try npm install with --prefer-online after ERESOLVE error. (#2448)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

spotless-lib and spotless-lib-extra releases

If you are a Spotless user (as opposed to developer), then you are probably looking for:

• https://github.com/diffplug/spotless/blob/main/plugin-gradle/CHANGES.md
• https://github.com/diffplug/spotless/blob/main/plugin-maven/CHANGES.md

This document is intended for Spotless developers.

We adhere to the keepachangelog format (starting after version 1.27.0).

[Unreleased]

[4.3.0] - 2026-01-27

Added

• Add P2Provisioner interface in lib-extra to enable build-tool-specific caching strategies for Eclipse P2 dependencies, fixing OutOfMemoryError in large multi-project builds. (#2788)

Fixed

• removeSemicolons() should not be applied to multiline strings in groovy #2780 (#2792)

[4.2.0] - 2026-01-22

Added

• Add a expandWildcardImports API for java (#2679)
• Add the ability to specify a wildcard version (*) for external formatter executables. (#2757)

Fixed

• Prevent race conditions when multiple npm-based formatters launch the server process simultaneously while sharing the same node_modules directory. (#2786)
• Git ratchet no longer throws an error with Git worktrees. (#2779)

Changes

• Bump default ktfmt version to latest 0.59 -> 0.61. (2804)
• Bump default ktlint version to latest 1.7.1 -> 1.8.0. (2763)
• Bump default gherkin-utils version to latest 9.2.0 -> 10.0.0. (#2619)

[4.1.0] - 2025-11-18

Changes

• Bump default ktfmt version to latest 0.58 -> 0.59. (#2681
• Bump default jackson version to latest 2.20.0 -> 2.20.1. (#2730)
• Bump default cleanthat version to latest 2.23 -> 2.24. (#2620)
• POTENTIALLY BREAKING Removed support for ktlint versions below 1.0. (#2711)

Fixed

• palantirJavaFormat is no longer arbitrarily set to outdated versions on Java 17, latest available version is always used (#2686 fixes #2685)

Added

• Add a forbidModuleImports API for java (#2679)
• new options to customize Flexmark, e.g. to allow YAML front matter (#2616)

[4.0.0] - 2025-09-24

Changes

• BREAKING Bump the required Java to 17. (#2375, #2540)
• BREAKING Renamed RemoveWildcardImportsStep to ForbidWildcardImportsStep. (#2633)
• Bump JGit from 6.10.1 to 7.3.0 (#2257)
  • Adds support for worktrees (fixes #1765)

... (truncated)

Commits

• d0f4c3d Published maven/3.2.1
• 2b7f9de Published gradle/8.2.1
• 78e26e9 Published lib/4.3.0
• 33692c2 [fix] removeSemicolons() should not be applied to multiline strings in groo...
• 90628d8 Update changelog.
• 61864a2 Merge branch 'main' into fix-removeSemicolons
• 4864bc8 Fix Gradle Cache performance issue by supporting cached P2 provisionning via ...
• 075895c docs: Mention P2 caching for gradle plugin caching
• 57214bf feat: Supports P2 in predeclare
• 8aee8ac chore: Adds a GradleProvisioner test
• Additional commits viewable in compare view

Updates org.sonatype.central:central-publishing-maven-plugin from 0.9.0 to 0.10.0

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions