Bump the maven-deps group with 6 updates

[dependabot]

Bumps the maven-deps group with 6 updates:

Package	From	To
com.puppycrawl.tools:checkstyle	13.2.0	13.3.0
org.checkerframework:checker-qual	3.53.1	3.54.0
net.bytebuddy:byte-buddy	1.18.5	1.18.7
net.bytebuddy:byte-buddy-agent	1.18.5	1.18.7
org.apache.maven.plugins:maven-resources-plugin	3.4.0	3.5.0
com.diffplug.spotless:spotless-maven-plugin	3.2.1	3.3.0

Updates com.puppycrawl.tools:checkstyle from 13.2.0 to 13.3.0

Release notes

Sourced from com.puppycrawl.tools:checkstyle's releases.

checkstyle-13.3.0

Checkstyle 13.3.0 - https://checkstyle.org/releasenotes.html#Release_13.3.0

Breaking backward compatibility:

#18146 - Clean up grammar for discontinued preview feature (pattern matching for switch)

New:

#15180 - NewCheck: UseEnhancedSwitch #18494 - New Check: GoogleNonConstantFieldNameCheck to enforce Google Java Style Guide member naming #18109 - new Check: LineEnding

Bug fixes:

#9719 - Indentation check regression with "new" #17541 - Empty line separator is not enforced in package-info.java file

... (truncated)

Commits

• cf81ad6 [maven-release-plugin] prepare release checkstyle-13.3.0
• 714ace0 doc: release notes for 13.3.0
• 5d0aa7b Issue #15180: New check UseEnhancedSwitch
• 5a92f82 dependency: bump actions/upload-artifact from 6 to 7
• 8135d34 Issue #11163: Split InputHiddenField2 into focused test inputs
• 9259fc6 Issue #18494: Add GoogleNonConstantFieldNameCheck for Google Java Style compl...
• 6d3136d Issue #18146: Remove ANTLR grammar for discontinued pattern matching preview ...
• 07fa29e Issue #9719: Fix Indentation check false positive for 'new' in ternary operator
• 427acbf Issue #18926: Re-enable RedundantSuppression inspection
• a9ccd97 Issue #18926: Re-enable 'EqualsWithItself' inspection
• Additional commits viewable in compare view

Updates org.checkerframework:checker-qual from 3.53.1 to 3.54.0

Release notes

Sourced from org.checkerframework:checker-qual's releases.

Checker Framework 3.54.0

Version 3.54.0 (2026-03-02)

User-visible changes

Command-line arguments:

• Added -AinferOutputDirectory.
• Removed long-deprecated -Alint=forbidnonnullarraycomponents.

New command-line argument -Aonelinemsg puts error messages on a single line. This is useful when using a tool that only shows the first line of the error.

The command-line argument -Anomsgtext surrounds the error key with brackets instead of parenthesis. This matches Java error messages.

Implementation details

In AnnotatedTypeFactory, canonicalAnnotation() returns a non-null value.

In AnnotationClassLoader:

• Renamed hasWellDefinedTargetMetaAnnotation() to isTypeQualifierAnnotation(). The method now returns true for annotations bearing @InvisibleQualifier or @SubtypeOf, in addition to the existing @Target(TYPE_USE) check.

In TestDiagnostic:

• Renamed field message to key.
• Added new nullable field message for the full message without the key.

Removed classes and methods that have been deprecated for more than two years.

Closed issues

#6874, #7471, #7475, #7486.

Changelog

Sourced from org.checkerframework:checker-qual's changelog.

Version 3.54.0 (2026-03-02)

User-visible changes

Command-line arguments:

• Added -AinferOutputDirectory.
• Removed long-deprecated -Alint=forbidnonnullarraycomponents.

New command-line argument -Aonelinemsg puts error messages on a single line. This is useful when using a tool that only shows the first line of the error.

The command-line argument -Anomsgtext surrounds the error key with brackets instead of parenthesis. This matches Java error messages.

Implementation details

In AnnotatedTypeFactory, canonicalAnnotation() returns a non-null value.

In AnnotationClassLoader:

• Renamed hasWellDefinedTargetMetaAnnotation() to isTypeQualifierAnnotation(). The method now returns true for annotations bearing @InvisibleQualifier or @SubtypeOf, in addition to the existing @Target(TYPE_USE) check.

In TestDiagnostic:

• Renamed field message to key.
• Added new nullable field message for the full message without the key.

Removed classes and methods that have been deprecated for more than two years.

Closed issues

#6874, #7471, #7475, #7486.

Commits

• a6eff70 new release 3.54.0
• fd34700 Prep for release.
• edb6e7a Print error key in brackets (#7525)
• a79b1de Show details of the error message in test failures (#7513)
• a5ecc22 Clone the JDK using the same fork and branch as CF (#7491)
• 2770c52 Update cimg/base Docker tag to v2026.03
• bba6bc9 Update plugin com-gradleup-shadow to v9.3.2
• 3a6d4d4 Update error-prone monorepo to v2.48.0
• 70aa5f3 Update plugin net-ltgt-errorprone to v5.1.0
• 0dbd3e7 Prepare for javac AST changes
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy from 1.18.5 to 1.18.7

Release notes

Sourced from net.bytebuddy:byte-buddy's releases.

Byte Buddy 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

Changelog

Sourced from net.bytebuddy:byte-buddy's changelog.

1. March 2026: version 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

27. February 2026: version 1.18.6

Accidental release during rework of release pipeline. Functional, but with incorrect suffices.

Commits

• 9d76434 Releasing Byte Buddy 1.18.7
• 06498df [release] Release new version
• c74eae4 Fix pipeline and add note on accidental release.
• bc1c23a [release] Release new version
• 19a2ea4 Fix build profile.
• 33d544d Update Maven checksum extension.
• 2023f8a [release] Release new version
• bc535ba Complete reworked build script.
• 70f6a21 Add missing checksums for GPG.
• 2080329 Avoid release plugin altogether.
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy-agent from 1.18.5 to 1.18.7

Release notes

Sourced from net.bytebuddy:byte-buddy-agent's releases.

Byte Buddy 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

Changelog

Sourced from net.bytebuddy:byte-buddy-agent's changelog.

1. March 2026: version 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

27. February 2026: version 1.18.6

Accidental release during rework of release pipeline. Functional, but with incorrect suffices.

Commits

• 9d76434 Releasing Byte Buddy 1.18.7
• 06498df [release] Release new version
• c74eae4 Fix pipeline and add note on accidental release.
• bc1c23a [release] Release new version
• 19a2ea4 Fix build profile.
• 33d544d Update Maven checksum extension.
• 2023f8a [release] Release new version
• bc535ba Complete reworked build script.
• 70f6a21 Add missing checksums for GPG.
• 2080329 Avoid release plugin altogether.
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy-agent from 1.18.5 to 1.18.7

Release notes

Sourced from net.bytebuddy:byte-buddy-agent's releases.

Byte Buddy 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

Changelog

Sourced from net.bytebuddy:byte-buddy-agent's changelog.

1. March 2026: version 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

27. February 2026: version 1.18.6

Accidental release during rework of release pipeline. Functional, but with incorrect suffices.

Commits

• 9d76434 Releasing Byte Buddy 1.18.7
• 06498df [release] Release new version
• c74eae4 Fix pipeline and add note on accidental release.
• bc1c23a [release] Release new version
• 19a2ea4 Fix build profile.
• 33d544d Update Maven checksum extension.
• 2023f8a [release] Release new version
• bc535ba Complete reworked build script.
• 70f6a21 Add missing checksums for GPG.
• 2080329 Avoid release plugin altogether.
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-resources-plugin from 3.4.0 to 3.5.0

Release notes

Sourced from org.apache.maven.plugins:maven-resources-plugin's releases.

3.5.0

• Cleanup deps (#463) @​cstamas

🚀 New features and improvements

• Bug: use change detecton strategies (#462) @​cstamas

👻 Maintenance

• Add IT for #444 issue (#446) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#449) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#447) @​slawekjaranowski

📦 Dependency updates

• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.5.0 to 3.5.1 (#461) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 45 to 47 (#459) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#457) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#452) @dependabot[bot]

Commits

• ce485a0 [maven-release-plugin] prepare release maven-resources-plugin-3.5.0
• bfadfff Use maven-filtering 3.5.0 (staged)
• 3f74ba2 Drop commons-io; unused
• caefcde Bug: use change detecton strategies (#462)
• 38534e3 Cleanup deps (#463)
• 0814ec7 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#461)
• e2f9135 Bump org.apache.maven.plugins:maven-plugins from 45 to 47 (#459)
• a050be3 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#457)
• 1825b2a Bump mavenVersion from 3.9.11 to 3.9.12 (#452)
• ad31b55 Add IT for #444 issue
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.2.1 to 3.3.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Lib v3.3.0

Added

• Allow specifying path to Biome JSON config file directly in biome step. Requires biome 2.x. (#2548)
• GitPrePushHookInstaller, a reusable library component for installing a Git pre-push hook that runs formatter checks. (#2553)
• Allow setting Eclipse XML config from a string, not only from files (#2361)

Changed

• Bump default gson version to latest 2.11.0 -> 2.13.1. (#2414)
• Bump default jackson version to latest 2.18.1 -> 2.19.2. (#2558)
• Bump default gherkin-utils version to latest 9.0.0 -> 9.2.0. (#2408)
• Bump default cleanthat version to latest 2.22 -> 2.23. (#2556)

Maven Plugin v3.3.0

Added

• Add tabletest-formatter support for Java and Kotlin. (#2860)

Fixed

• Fix the ability to specify a wildcard version (*) for external formatter executables, which did not work. (#2848)
• [fix] ConcurrentModificationException in expandWildcardImports (#2830)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

[3.3.0] - 2025-07-20

Added

• Allow specifying path to Biome JSON config file directly in biome step. Requires biome 2.x. (#2548)
• GitPrePushHookInstaller, a reusable library component for installing a Git pre-push hook that runs formatter checks. (#2553)
• Allow setting Eclipse XML config from a string, not only from files (#2361)

Changed

• Bump default gson version to latest 2.11.0 -> 2.13.1. (#2414)
• Bump default jackson version to latest 2.18.1 -> 2.19.2. (#2558)
• Bump default gherkin-utils version to latest 9.0.0 -> 9.2.0. (#2408)
• Bump default cleanthat version to latest 2.22 -> 2.23. (#2556)

[3.2.0] - 2025-07-07

Added

• Support for idea (#2020, #2535)
• Add support for removing wildcard imports via removeWildcardImports step. (#2517)
• scalafmt: enforce version consistency between the version configured in Spotless and the version declared in Scalafmt config file (#2460)

Fixed

• SortPom disable expandEmptyElements, to avoid empty body warnings. (#2520)
• Fix biome formatter for new major release 2.x of biome (#2537)
• Make sure npm-based formatters use the correct node_modules directory when running in parallel. (#2542)

Changed

• Bump internal dependencies for npm-based formatters (#2542)

[3.1.2] - 2025-05-27

Fixed

• Fix UnsupportedOperationException in the Gradle plugin when using targetExcludeContent[Pattern] (#2487)
• pgp key had expired, this and future releases will be signed by new key (details)

Changed

• Bump default eclipse version to latest 4.34 -> 4.35. (#2458)
• Bump default greclipse version to latest 4.32 -> 4.35. (#2458)

[3.1.1] - 2025-04-07

Changed

• Use palantir-java-format 2.57.0 on Java 21. (#2447)
• Re-try npm install with --prefer-online after ERESOLVE error. (#2448)
• Allow multiple npm-based formatters having the same module dependencies, to share a node_modules dir without race conditions. #2462)

[3.1.0] - 2025-02-20

Added

• Support forclang-format on maven-plugin (#2406)
• Allow overriding classLoader for all JarStates to enable spotless-cli (#2427)

[3.0.2] - 2025-01-14

Fixed

• Node.JS-based tasks now work with the configuration cache (#2372)
• Eclipse-based tasks can now handle parallel configuration (#2389)

[3.0.1] - 2025-01-07

Fixed

• Deployment was missing part of the CDT formatter, now fixed. (#2384)

... (truncated)

Commits

• 015df60 Published lib/3.3.0
• a7ea252 feat: supply eclipse formatter settings as XML content (#2361)
• 0d0192d Use try-with-resources to make sure we don't have dangling streams.
• b12ff7c More changelog fixup.
• b26c800 Update changelogs.
• 9798251 Merge branch 'main' into feature/eclipse-config-without-file-xml
• af40183 add git pre push hook (#2553)
• cee7009 fix(deps): update jackson monorepo to v2.19.2 (#2558)
• 2dadeb6 uninstall fix
• 259ec38 Modify git-hook docs, with an eye towards a future where there is both a pre-...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions