Skip to content

deps(deps-dev): bump com.diffplug.spotless:spotless-maven-plugin from 3.5.1 to 3.6.0#27

Merged
nil-malh merged 1 commit into
mainfrom
dependabot/maven/com.diffplug.spotless-spotless-maven-plugin-3.6.0
Jun 3, 2026
Merged

deps(deps-dev): bump com.diffplug.spotless:spotless-maven-plugin from 3.5.1 to 3.6.0#27
nil-malh merged 1 commit into
mainfrom
dependabot/maven/com.diffplug.spotless-spotless-maven-plugin-3.6.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps com.diffplug.spotless:spotless-maven-plugin from 3.5.1 to 3.6.0.

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.6.0

Added

  • Add <cacheDirectory> to <eclipse>, <greclipse>, and <eclipseCdt> for the Equo/Solstice P2 cache. (#2944)
  • EclipseJdtFormtterStep now can conditionally set compiler source/compliance options. Allows for better parsing of AST Node for newer language features and more correct sorting; e.g. records or seal classes. (#2942)

Fixed

  • <versionCatalog> no longer splits long inline tables across multiple lines — Gradle's TOML 1.0 parser cannot read multi-line inline tables. The maxLineLength option has been removed. (#2948)
  • spotless:apply no longer aborts on the first file with lints; it now formats all files and reports a single aggregated lint failure across every file, matching the Gradle plugin's behavior. (#2937)
  • <greclipse> and <eclipseCdt> now default P2 data to the Maven local repository. (#2944)
  • forbidWildcardImports and forbidModuleImports now detect imports that have leading whitespace (indentation/tabs). (#2939)

Changes

  • Improved formatting performance by eliminating redundant per-step line-ending normalization in the core formatter loop. (#2934)
Commits
  • 71a433c Published maven/3.6.0
  • 3a0f101 Published gradle/8.6.0
  • 007e9d8 Published lib/4.6.2
  • a074d53 Allow setting the local P2 cache dir in the Spotless Gradle plugin (#2944)
  • a266fc2 Merge branch 'main' into add-cache-directory-dsl
  • e0d466e Fix: sort members treats record declarations as types (#2942)
  • 3936b6f Merge branch 'main' into main
  • 278765f fix: expandWildcardImports support pom type dependency, fix #2839 (#2935)
  • a18ddec Remove maxLineLength from versionCatalog step (#2949)
  • b91ad87 Add changelog entries for versionCatalog maxLineLength removal
  • Additional commits viewable in compare view

@dependabot dependabot Bot requested a review from nil-malh as a code owner June 1, 2026 23:16
@github-actions

github-actions Bot commented Jun 1, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

📋 Unreleased Changelog Preview

This is what the next release notes will look like based on commits in this PR.

Changelog

All notable changes to this project will be documented in this file.

[Unreleased]

⬆️ Dependency Updates

  • Bump com.diffplug.spotless:spotless-maven-plugin (deps-dev)@dependabot[bot]

  • Bump org.slf4j:slf4j-api in the logging group (deps)@dependabot[bot]

  • Bump the kafka group with 2 updates (deps)@dependabot[bot]

  • Bump the kafka group across 1 directory with 2 updates (deps)@dependabot[bot]

  • Bump the junit5 group across 1 directory with 3 updates (deps-dev)@dependabot[bot]

  • Bump xmlunit.version from 2.11.0 to 2.12.0 (deps)@dependabot[bot]

  • Bump maven.surefire.plugin.version from 3.5.5 to 3.5.6 (deps-dev)@dependabot[bot]

  • Bump com.diffplug.spotless:spotless-maven-plugin (deps-dev)

🐛 Bug Fixes

  • Fixed an issue where a release on GitHub would not have the jars attached — @nil-malh

Generated by git-cliff

🔄 Run #86 · Tue, 02 Jun 2026 23:13:26 GMT

@github-actions

github-actions Bot commented Jun 1, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 7f31cab.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

pom.xml

PackageVersionLicenseIssue Type
com.diffplug.spotless:spotless-maven-plugin3.6.0NullUnknown License
Allowed Licenses: Apache-2.0, MIT, BSD-2-Clause, BSD-3-Clause, ISC, LGPL-2.0-only, LGPL-2.1-only, LGPL-2.1-or-later, EPL-1.0, EPL-2.0, CDDL-1.0, CC0-1.0

OpenSSF Scorecard

PackageVersionScoreDetails
maven/com.diffplug.spotless:spotless-maven-plugin 3.6.0 🟢 6.4
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 7Found 8/11 approved changesets -- score normalized to 7
Security-Policy🟢 9security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 7binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits

Scanned Files

  • pom.xml

@github-actions

github-actions Bot commented Jun 1, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

✅ Test Results

Metric Count
Passed 655
Failed 0
⏭️ Skipped 0
📊 Total 655

✅ Coverage

Type Coverage Covered / Total
📏 Lines 83.7% 1720 / 2056
🌿 Branches 72.8% 519 / 713
🔧 Methods 83.3% 359 / 431

🔄 CI run #106 · Tue, 02 Jun 2026 23:16:46 GMT

@dependabot
deps(deps-dev): bump com.diffplug.spotless:spotless-maven-plugin
7f31cab 
Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](diffplug/spotless@maven/3.5.1...maven/3.6.0)

---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-version: 3.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/maven/com.diffplug.spotless-spotless-maven-plugin-3.6.0 branch from a499979 to 7f31cab Compare June 2, 2026 23:13
@nil-malh nil-malh merged commit 158078d into main Jun 3, 2026
10 checks passed
@dependabot dependabot Bot deleted the dependabot/maven/com.diffplug.spotless-spotless-maven-plugin-3.6.0 branch June 3, 2026 10:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nil-malh nil-malh nil-malh approved these changes

Assignees

No one assigned

Labels

dependencies java

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nil-malh