Skip to content

Bump the java-maven-deps group across 1 directory with 5 updates#1992

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/java/java-maven-deps-09154879d0
Open

Bump the java-maven-deps group across 1 directory with 5 updates#1992
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/java/java-maven-deps-09154879d0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the java-maven-deps group with 5 updates in the /java directory:

Package From To
com.fasterxml.jackson.core:jackson-databind 2.22.0 2.22.1
com.fasterxml.jackson.datatype:jackson-datatype-jsr310 2.22.0 2.22.1
com.github.spotbugs:spotbugs-annotations 4.10.2 4.10.3
com.github.spotbugs:spotbugs-maven-plugin 4.10.2.0 4.10.3.0
org.sonatype.central:central-publishing-maven-plugin 0.10.0 0.11.0

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.22.0 to 2.22.1

Updates com.github.spotbugs:spotbugs-annotations from 4.10.2 to 4.10.3

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

4.10.3

SpotBugs 4.10.3

CHANGELOG

Fixed

  • Fix LI_LAZY_INIT_STATIC false negative when the null guard is written in yoda-style (null == field) (#4144)
  • Fix DC_DOUBLECHECK, NP_SYNC_AND_NULL_CHECK_FIELD and SP_SPIN_ON_FIELD false negatives when the null guard is written in yoda-style (null == field) (#4144)
  • Fix message for UNS_UNSAFE_CALL bug pattern
  • Restore CLI plugin loading by fixing DetectorFactoryCollection bootstrap ordering (#4191)
  • Fix UWF_NULL_FIELD false negative for fields initialized with cast null values (#4034)
  • Fix UMAC_UNCALLABLE_METHOD_OF_ANONYMOUS_CLASS false positive for methods reached only through method references (#4059)

Changed

  • Ant FindBugsViewerTask: use default look and feel by default. (#4165)

Refactor

  • Ant FindBugsViewerTask: extend AbstractFindBugsTask to reduce duplicate code. (#4165)

CHECKSUM

file checksum (sha256)
spotbugs-4.10.3-javadoc.jar 9670d6569864fd9a45c4aa92f6e3dc2d11e2c24b4ff0a3eabe64b293dc3f0534
spotbugs-4.10.3-sources.jar e00994265d6b771db8cc79edd70500ab8af6334f636d3ac7bf169c5d7daefcbc
spotbugs-4.10.3.tgz 53c03a77da9746ed0c17aae6c0a9419a12ddeb8bf61dd7209a2e417550afd01d
spotbugs-4.10.3.zip e814ee5bf9665412658c4d684e45eae3cf993148a71bc8bc93fb343e92288151
spotbugs-annotations-4.10.3-javadoc.jar 5da6c2d1fe6ef37022dda7fdf221965bb6de57a0276e1735f518840f56ccab1f
spotbugs-annotations-4.10.3-sources.jar 87974d23caffbc8c6e66c567747627267b5ed06573cee966d7af6d236b8d65bd
spotbugs-annotations.jar 3fabaf088f8cd10803cc87dba4666cf874bdcd2e07ad154ed3fe403647ce3f2a
spotbugs-ant-4.10.3-javadoc.jar fab78b3c109057689dc2057a18071b1a997048bb18b45ae39835c1007b18f440
spotbugs-ant-4.10.3-sources.jar af1c78c8e194c2f82ea3e0517ab38a5eb6ba608c8d0e776c9097605d6b7efca6
spotbugs-ant.jar 9ec240477b7c87270be7dfe3196180cd3763f04c369e5691feeb12e66110a065
spotbugs.jar 5b12b471979fd8d664e9772d4c7e7e11b25a55d71dbb0ef2d2dcb749959052e7
test-harness-4.10.3-javadoc.jar 1a495602098f524a4a62f227bc556f75236a0231d08d7bedaeae73d478067e94
test-harness-4.10.3-sources.jar 805d2d124b0d4ea513ee9262d4ad6027c3471d45defd80fd7d20e23425d17df7
test-harness-4.10.3.jar bd10d1f11a1b93e4ca4db4d27772f611bd3407f9452dbbd2d1ba62584ddc171f
test-harness-core-4.10.3-javadoc.jar cb08bb86e5c9d5b4c4459ab103b9cd0dd99527a56f6fa645ec10d07b0fe75735
test-harness-core-4.10.3-sources.jar 043a55d99a517c0d9cf702b0c183b4afd3f03af9eff4a86d59bb37df1b35b532
test-harness-core-4.10.3.jar 1f9a0ee8f150dd71f960ca4f59dcf7912a45d0e9e6aefc4585fd44b975454bc0
test-harness-jupiter-4.10.3-javadoc.jar 02b463d272ccc7e6f9c7dcbfe7087da23afb6f9b8ad24316362397ae21fcf4cc
test-harness-jupiter-4.10.3-sources.jar 17144f315686bfd01c02fa4ae7c916060c41de8eed58d5b8470416fa08f46ced
test-harness-jupiter-4.10.3.jar a91146da3e993479cfefd2690781cbd102c6360ecc63a96d88995be3bd60fcbb
Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.10.3 - 2026-07-12

Fixed

  • Fix LI_LAZY_INIT_STATIC false negative when the null guard is written in yoda-style (null == field) (#4144)
  • Fix DC_DOUBLECHECK, NP_SYNC_AND_NULL_CHECK_FIELD and SP_SPIN_ON_FIELD false negatives when the null guard is written in yoda-style (null == field) (#4144)
  • Fix message for UNS_UNSAFE_CALL bug pattern
  • Restore CLI plugin loading by fixing DetectorFactoryCollection bootstrap ordering (#4191)
  • Fix UWF_NULL_FIELD false negative for fields initialized with cast null values (#4034)
  • Fix UMAC_UNCALLABLE_METHOD_OF_ANONYMOUS_CLASS false positive for methods reached only through method references (#4059)

Changed

  • Ant FindBugsViewerTask: use default look and feel by default. (#4165)

Refactor

  • Ant FindBugsViewerTask: extend AbstractFindBugsTask to reduce duplicate code. (#4165)
Commits
  • 8d5cad4 release v4.10.3
  • f849bce Update junit-framework monorepo to v6.1.2 (#4199)
  • 368a213 Fixes #4138 : Detect yoda-style null guards in lazy-init and related detector...
  • 21ba538 Update actions/stale digest to 1e223db (#4197)
  • 6c91a0d Update dependency net.sf.saxon:Saxon-HE to v12.10 (#4198)
  • 7fb263e Update actions/setup-java digest to 0f481fc (#4196)
  • c8f9bb1 fix(deprecations): Replace deprecated io close with try with resources (#4194)
  • 1c78756 chore{build): Update eclipse-convention.gradle.kts file (#4193)
  • 1aec284 fix: improve EQ_DOESNT_OVERRIDE_EQUALS warning to mention symmetry risk (#4016)
  • f3ddc36 Fixes #4055 : Record method-reference targets as called methods (#4059)
  • Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-maven-plugin from 4.10.2.0 to 4.10.3.0

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.10.3.0

Summary

This release delivers improvements to reliability, maintainability, and reproducibility. The SpotBugs execution path has been modernized by replacing the Ant-based launcher with ProcessBuilder, temporary auxiliary classpath handling has been improved, and toolchain detection has been made more robust. Build tooling has also been cleaned up with Maven modernization efforts, improved reproducible artifact generation, and updated documentation. Additional fixes include improved artifact handling, test coverage improvements, and dependency updates.

What's Changed

New Contributors

Full Changelog: spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.10.2.0...spotbugs-maven-plugin-4.10.3.0

Commits
  • f0e6f45 [maven-release-plugin] prepare release spotbugs-maven-plugin-4.10.3.0
  • 86af8d5 Merge pull request #1473 from spotbugs/renovate/spotbugs.version
  • 2fc1232 Update dependency com.github.spotbugs:spotbugs to v4.10.3
  • 8938370 Merge pull request #1472 from hazendaz/antwork
  • 68ee04d Replace 'ant' usage with process builder
  • 4fcdf58 Merge pull request #1471 from hazendaz/master
  • c97f85e [ci] Minor cleanup after toolchain adjustments
  • f7dde3a [nio] Change 'spotbugsAuxClasspath' file to a temp file and remove larger try...
  • ce2addb Merge pull request #1470 from hazendaz/restructure
  • bc53d37 [ci] readme update to reproducible builesd info
  • Additional commits viewable in compare view

Updates org.sonatype.central:central-publishing-maven-plugin from 0.10.0 to 0.11.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the java-maven-deps group with 5 updates in the /java directory:

| Package | From | To |
| --- | --- | --- |
| [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.22.0` | `2.22.1` |
| com.fasterxml.jackson.datatype:jackson-datatype-jsr310 | `2.22.0` | `2.22.1` |
| [com.github.spotbugs:spotbugs-annotations](https://github.com/spotbugs/spotbugs) | `4.10.2` | `4.10.3` |
| [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) | `4.10.2.0` | `4.10.3.0` |
| [org.sonatype.central:central-publishing-maven-plugin](https://github.com/sonatype/central-publishing-maven-plugin) | `0.10.0` | `0.11.0` |



Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.datatype:jackson-datatype-jsr310` from 2.22.0 to 2.22.1

Updates `com.github.spotbugs:spotbugs-annotations` from 4.10.2 to 4.10.3
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.10.2...4.10.3)

Updates `com.github.spotbugs:spotbugs-maven-plugin` from 4.10.2.0 to 4.10.3.0
- [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases)
- [Commits](spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.10.2.0...spotbugs-maven-plugin-4.10.3.0)

Updates `org.sonatype.central:central-publishing-maven-plugin` from 0.10.0 to 0.11.0
- [Commits](https://github.com/sonatype/central-publishing-maven-plugin/commits)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.22.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: java-maven-deps
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310
  dependency-version: 2.22.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: java-maven-deps
- dependency-name: com.github.spotbugs:spotbugs-annotations
  dependency-version: 4.10.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: java-maven-deps
- dependency-name: com.github.spotbugs:spotbugs-maven-plugin
  dependency-version: 4.10.3.0
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: java-maven-deps
- dependency-name: org.sonatype.central:central-publishing-maven-plugin
  dependency-version: 0.11.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: java-maven-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jul 15, 2026
@dependabot
dependabot Bot requested a review from a team as a code owner July 15, 2026 08:44
@dependabot dependabot Bot added the java Pull requests that update java code label Jul 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants