Skip to content

build(deps-dev): bump org.sonarsource.scanner.maven:sonar-maven-plugin from 5.5.0.6356 to 5.7.0.6970#180

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/org.sonarsource.scanner.maven-sonar-maven-plugin-5.7.0.6970
Open

build(deps-dev): bump org.sonarsource.scanner.maven:sonar-maven-plugin from 5.5.0.6356 to 5.7.0.6970#180
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/org.sonarsource.scanner.maven-sonar-maven-plugin-5.7.0.6970

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 2, 2026

Copy link
Copy Markdown
Contributor

Bumps org.sonarsource.scanner.maven:sonar-maven-plugin from 5.5.0.6356 to 5.7.0.6970.

Release notes

Sourced from org.sonarsource.scanner.maven:sonar-maven-plugin's releases.

5.7.0.6970

Release notes - Sonar Scanner for Maven - 5.7

Feature

SCANMAVEN-317 Support encryption of sonar.token, and other new secure properties SCANMAVEN-332 support modular-jar artifact type SCANMAVEN-341 Rework the support of encrypted properties

Maintenance

SCANMAVEN-370 Prepare next development iteration 5.7.0 SCANMAVEN-372 Configure Renovate for sonar-scanner-maven SCANMAVEN-373 SubmitReview: Use Vault token SCANMAVEN-374 Unpin internal GitHub actions SCANMAVEN-376 Use SonarSource/.../sonar-update-center-release@v1 instead of @​master SCANMAVEN-377 Update dependency org.assertj:assertj-core to v3.27.7 [SECURITY]

5.6.0.6792

Release notes - Sonar Scanner for Maven - 5.6

Maintenance

SCANMAVEN-318 Update Orchestrator and fix e2e matrix SCANMAVEN-324 Convert e2e tests to invoker SCANMAVEN-346 Fix CI failure SCANMAVEN-347 Automate detection of sonar:sonar shorthand failure SCANMAVEN-348 Bump org.assertj:assertj-core from 3.26.3 to 3.27.7 in /sonar-maven-plugin SCANMAVEN-349 Remove Maven 4 e2e tests from promotion requirements SCANMAVEN-356 Add automated release workflow SCANMAVEN-357 Licence packaging standard - Maven Scanner SCANMAVEN-358 Create SonarUpdateCenterRelease.yml SCANMAVEN-361 Add issue-categories in automated release SCANMAVEN-363 Fix e2e tests with Maven 4 SCANMAVEN-364 Do not run nightly builds on weekends SCANMAVEN-365 Set up orchestrator cache SCANMAVEN-366 Update sonar-scanner-java-library to 4.1.0.1619 SCANMAVEN-367 Update sonar-scanner-java-library to 4.1.1.1633 SCANMAVEN-369 Update parent pom to 87.0.0.3057

Feature

SCANMAVEN-281 Irrelevant encrypted properties are not filtered out in multi-module project with "sonar" in the name

Commits
  • 9e114d7 SCANMAVEN-332 Support modular-jar (#402)
  • 7424fe5 SCANMAVEN-317 - Support encryption of sonar.token, and other new secure prope...
  • b8ff39f SCANMAVEN-341 Fix regex for encrypted property filtering for mvn4 and add tes...
  • b4c0b4a SCANMAVEN-377 Update dependency org.assertj:assertj-core to v3.27.7 [SECURITY...
  • cd19506 SCANMAVEN-372 Configure Renovate (#393)
  • 944f552 SCANMAVEN-376 Use SonarSource/.../sonar-update-center-release@v1 instead of @...
  • 2832b8a SCANMAVEN-374 Unpin internal GitHub actions (#396)
  • 81caeeb SCANMAVEN-373 SubmitReview: Use Vault token (#395)
  • c62dd74 SCANMAVEN-370 Prepare next development iteration 5.7.0 (#392)
  • 8f1042a SCANMAVEN-369 Update parent pom to 87.0.0.3057 (#391)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.sonarsource.scanner.maven:sonar-maven-plugin](https://github.com/SonarSource/sonar-scanner-maven) from 5.5.0.6356 to 5.7.0.6970.
- [Release notes](https://github.com/SonarSource/sonar-scanner-maven/releases)
- [Commits](SonarSource/sonar-scanner-maven@5.5.0.6356...5.7.0.6970)

---
updated-dependencies:
- dependency-name: org.sonarsource.scanner.maven:sonar-maven-plugin
  dependency-version: 5.7.0.6970
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 2, 2026
@github-actions

github-actions Bot commented Jun 2, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 5a89284.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

pom.xml

PackageVersionLicenseIssue Type
org.sonarsource.scanner.maven:sonar-maven-plugin5.7.0.6970NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
maven/org.sonarsource.scanner.maven:sonar-maven-plugin 5.7.0.6970 UnknownUnknown

Scanned Files

  • pom.xml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants