Skip to content

build(deps): bump the maven-plugins group across 1 directory with 3 updates#81

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/maven-plugins-e17b279e8a
Open

build(deps): bump the maven-plugins group across 1 directory with 3 updates#81
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/maven-plugins-e17b279e8a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the maven-plugins group with 3 updates in the / directory: dev.sigstore:sigstore-maven-plugin, org.jacoco:jacoco-maven-plugin and org.graalvm.buildtools:native-maven-plugin.

Updates dev.sigstore:sigstore-maven-plugin from 2.1.0 to 2.2.0

Release notes

Sourced from dev.sigstore:sigstore-maven-plugin's releases.

v2.2.0

See CHANGELOG.md for more details.

What's Changed

New Contributors

Full Changelog: sigstore/sigstore-java@v2.1.0...v2.2.0

Changelog

Sourced from dev.sigstore:sigstore-maven-plugin's changelog.

[2.2.0] - 2026-06-10

Added

Changed

  • DSSE types logged with rekor v2 will use hashedrekord as the log entry type, the dsse log type is no longer in use for rekor v2: sigstore/sigstore-java#1202
Commits
  • 55eec24 Merge pull request #1204 from sigstore/token-from-env
  • 80faad5 Merge pull request #1194 from arpitjain099/chore/cifuzz-perms
  • 7093d0b Add SIGSTORE_JAVA_ID_TOKEN for passing id token
  • ec147e7 ci: declare contents: read permissions on cifuzz workflow
  • 67503fc Merge pull request #1188 from arpitjain099/chore/declare-workflow-perms
  • d59fe48 Merge pull request #1193 from sigstore/renovate/com.github.vlsi.gradle-extens...
  • c04b6d2 Merge pull request #1178 from sigstore/renovate/jetty-monorepo
  • a52fc64 Update jetty monorepo to v12.1.10
  • fde64e4 Update dependency com.github.vlsi.gradle-extensions:com.github.vlsi.gradle-ex...
  • ef3f101 Merge pull request #1202 from sigstore/dsseXhashedrekord
  • Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.15

New Features

  • JaCoCo now officially supports Java 26 (GitHub #2076).
  • Experimental support for Java 27 class files (GitHub #2004).
  • Compatibility methods generated by Kotlin compiler for functions defined in interfaces are filtered out during generation of report (GitHub #1905).
  • Compatibility methods generated by Kotlin compiler for exposed boxed inline value classes (JvmExposeBoxed annotation) are filtered out during generation of report (GitHub #1944).
  • Methods generated by the Kotlin compiler for functions with JvmStatic annotation are filtered out during generation of report (GitHub #2097).
  • Improved filtering of bytecode generated by Kotlin compiler for when expressions and statements with kotlin.String subject where first branch condition contains string with largest hash (GitHub #2098).
  • Part of bytecode that javac versions from 24 to 26 generate for switch statements and expressions with selector expression of type java.lang.String inside lambdas is filtered out during generation of report (GitHub #2023).
  • Improved performance of Kotlin files analysis by parsing SMAPs only once per class (GitHub #2114).
  • For better performance agent output methods tcpclient and tcpserver use BufferedOutputStream to write execution data to socket. Maven plugin, Ant tasks, CLI, API usage examples, and ExecDumpClient API use BufferedInputStream to read execution data from socket. Third-party integrations should do the same to benefit from this change in agent (GitHub #2089).

Fixed bugs

  • Fixed processing of Kotlin SMAP in synthetic classes (GitHub #1985).
  • Multiple JaCoCo runtimes within one JVM writing to the same output file should not cause data corruption when running on JDK versions from 6 to 10 affected by JDK-8166253 (GitHub #2065, #2074).
  • For better performance agent writes to output file via BufferedOutputStream, this fixes regression introduced in version 0.6.2 (GitHub #2073).
  • Fixed NullPointerException when JaCoCo agent is loaded by non system class loader, for example when loaded by JBoss Modules (GitHub #1651).

Non-functional Changes

  • JaCoCo now depends on ASM 9.10.1 (GitHub #2134).
Commits
  • 6c5260a Prepare release v0.8.15
  • 5c05141 Transfer of execution data through socket should use buffered stream (#2089)
  • ab5efa9 Remove from Azure Pipelines all builds except with JDK 5 and JDK EA (#2148)
  • 5f6ea38 Use Windows 2025 image in GitHub Actions (#2130)
  • 35a8af2 Use Renovate instead of Dependabot for updates of ASM (#2137)
  • 85b8ddf Upgrade ASM to 9.10.1 (#2134)
  • 2988647 AgentModule should use ClassLoader of agent instead of SystemClassLoader (#1651)
  • 75a4e31 Add filter for Kotlin @JvmExposeBoxed (#1944)
  • 691fa1d Use Renovate instead of Dependabot for updates of GitHub Actions (#2132)
  • 3e18f17 Require at least JDK 21 for build (#2128)
  • Additional commits viewable in compare view

Updates org.graalvm.buildtools:native-maven-plugin from 1.1.1 to 1.1.2

Release notes

Sourced from org.graalvm.buildtools:native-maven-plugin's releases.

1.1.2

What's Changed

Full Changelog: graalvm/native-build-tools@1.1.1...1.1.2

Commits
  • bb7ec92 Release 1.1.2
  • 0bd82d7 Merge pull request #918 from graalvm/update-metadata-to-1.0.3
  • f3b0fc3 Update reachability metadata to 1.0.3
  • 0373c8b Add grund repository specification (#894)
  • 31deced Merge pull request #876 from graalvm/bm/add-goal-descriptions-to-plugins
  • 2cd3fb0 Merge pull request #865 from vjovanov/vj/issue-864-macaron-checks
  • 596f1ff Clarify Macaron check requirement
  • 282a9fd Add Macaron checks for GitHub Actions workflows
  • d839662 Add plugin descriptions
  • c8b8ee8 Merge pull request #899 from graalvm/bump-version-to-1.1.2-SNAPSHOT
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the maven-plugins group across 1 directory with 3 u…
3f11191 
…pdates

Bumps the maven-plugins group with 3 updates in the / directory: [dev.sigstore:sigstore-maven-plugin](https://github.com/sigstore/sigstore-java), [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) and [org.graalvm.buildtools:native-maven-plugin](https://github.com/graalvm/native-build-tools).


Updates `dev.sigstore:sigstore-maven-plugin` from 2.1.0 to 2.2.0
- [Release notes](https://github.com/sigstore/sigstore-java/releases)
- [Changelog](https://github.com/sigstore/sigstore-java/blob/main/CHANGELOG.md)
- [Commits](sigstore/sigstore-java@v2.1.0...v2.2.0)

Updates `org.jacoco:jacoco-maven-plugin` from 0.8.14 to 0.8.15
- [Release notes](https://github.com/jacoco/jacoco/releases)
- [Commits](jacoco/jacoco@v0.8.14...v0.8.15)

Updates `org.graalvm.buildtools:native-maven-plugin` from 1.1.1 to 1.1.2
- [Release notes](https://github.com/graalvm/native-build-tools/releases)
- [Commits](graalvm/native-build-tools@1.1.1...1.1.2)

---
updated-dependencies:
- dependency-name: dev.sigstore:sigstore-maven-plugin
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-plugins
- dependency-name: org.jacoco:jacoco-maven-plugin
  dependency-version: 0.8.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-plugins
- dependency-name: org.graalvm.buildtools:native-maven-plugin
  dependency-version: 1.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-plugins
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies This issue or pull request is about third-party dependencies label Jun 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies This issue or pull request is about third-party dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants