Skip to content

Update all non-major dependencies (minor)#288

Open
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/all-minor-patch
Open

Update all non-major dependencies (minor)#288
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/all-minor-patch

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Mar 29, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
org.sonarsource.scanner.maven:sonar-maven-plugin (source) 5.5.0.63565.6.0.6792 age confidence
io.github.git-commit-id:git-commit-id-maven-plugin 9.0.29.2.0 age confidence

Release Notes

SonarSource/sonar-scanner-maven (org.sonarsource.scanner.maven:sonar-maven-plugin)

v5.6.0.6792

Compare Source

Release notes - Sonar Scanner for Maven - 5.6

Maintenance

SCANMAVEN-318 Update Orchestrator and fix e2e matrix
SCANMAVEN-324 Convert e2e tests to invoker
SCANMAVEN-346 Fix CI failure
SCANMAVEN-347 Automate detection of sonar:sonar shorthand failure
SCANMAVEN-348 Bump org.assertj:assertj-core from 3.26.3 to 3.27.7 in /sonar-maven-plugin
SCANMAVEN-349 Remove Maven 4 e2e tests from promotion requirements
SCANMAVEN-356 Add automated release workflow
SCANMAVEN-357 Licence packaging standard - Maven Scanner
SCANMAVEN-358 Create SonarUpdateCenterRelease.yml
SCANMAVEN-361 Add issue-categories in automated release
SCANMAVEN-363 Fix e2e tests with Maven 4
SCANMAVEN-364 Do not run nightly builds on weekends
SCANMAVEN-365 Set up orchestrator cache
SCANMAVEN-366 Update sonar-scanner-java-library to 4.1.0.1619
SCANMAVEN-367 Update sonar-scanner-java-library to 4.1.1.1633
SCANMAVEN-369 Update parent pom to 87.0.0.3057

Feature

SCANMAVEN-281 Irrelevant encrypted properties are not filtered out in multi-module project with "sonar" in the name

git-commit-id/git-commit-id-maven-plugin (io.github.git-commit-id:git-commit-id-maven-plugin)

v9.2.0: Version 9.2.0

Compare Source

Version 9.2.0 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>io.github.git-commit-id</groupId>
    <artifactId>git-commit-id-maven-plugin</artifactId>
    <version>9.2.0</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by github actions:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
         <url>https://s01.oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though the github actions will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

  • This plugin is unfortunately not working with Heroku which is due to the fact how Heroku works. In summary Heroku does not copy over the .git-repository but in order to determine the git properties this plugin relies on the fact that it has access to the git-repository. A somewhat workaround to get some information is outlined in ktoso/maven-git-commit-id-plugin#279 (comment)
  • Using maven's plugin prefix resolution (e.g. mvn com.test.plugins:myPlugin:myMojo) might result in unresolved properties even with <injectAllReactorProjects>true</injectAllReactorProjects>. Please refer to git-commit-id/maven-git-commit-id-plugin#287 or git-commit-id/maven-git-commit-id-plugin#413 (comment) for details and potential workarounds

Reporting Problems

If you find any problem with this plugin, feel free to report it here

Full Changelog: git-commit-id/git-commit-id-maven-plugin@v9.1.0...v9.2.0

v9.1.0: Version 9.1.0

Compare Source

Version 9.1.0 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

  • bump several plugins
    • bump io.github.git-commit-id:git-commit-id-plugin-core from 6.0.0 to 6.1.5
    • bump commons-io:commons-io from 2.19.0 to 2.21.0 (scope test)
    • bump org.junit.jupiter:* from 5.12.2 to 5.13.4 (scope test)
    • bump org.mockito:mockito-core from 5.18.0 to 5.23.0 (scope test)
    • bump org.assertj:assertj-core from 3.27.3 to 3.27.7 (scope test)
  • bump several maven plugins
    • bump org.apache.maven.plugins:maven-antrun-plugin from 3.1.0 to 3.2.0
    • bump org.apache.maven.plugins:maven-assembly-plugin from 3.7.1 to 3.8.0
    • bump org.apache.maven.plugins:maven-clean-plugin from 3.4.1 to 3.5.0
    • bump org.apache.maven.plugins:maven-compiler-plugin from 3.14.0 to 3.15.0
    • bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.10.0
    • bump org.apache.maven.plugins:maven-enforcer-plugin from 3.5.0 to 3.6.2
    • bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8
    • bump org.apache.maven.plugins:maven-jar-plugin from 3.4.2 to 3.5.0
    • bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.2 to 3.12.0
    • bump org.apache.maven.plugins:maven-plugin-plugin from 3.15.1 to 3.15.2
    • bump org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.3.1
    • bump org.apache.maven.plugins:maven-resources-plugin from 3.3.1 to 3.5.0
    • bump org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0
    • bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.3 to 3.5.5
    • bump org.codehaus.mojo:versions-maven-plugin from 2.18.0 to 2.21.0
    • bump org.codehaus.mojo:exec-maven-plugin from 3.5.0 to 3.6.3
    • bump org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14
    • bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.15.1 to 3.15.2

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>io.github.git-commit-id</groupId>
    <artifactId>git-commit-id-maven-plugin</artifactId>
    <version>9.1.0</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by github actions:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
         <url>https://s01.oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though the github actions will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

  • This plugin is unfortunately not working with Heroku which is due to the fact how Heroku works. In summary Heroku does not copy over the .git-repository but in order to determine the git properties this plugin relies on the fact that it has access to the git-repository. A somewhat workaround to get some information is outlined in ktoso/maven-git-commit-id-plugin#279 (comment)
  • Using maven's plugin prefix resolution (e.g. mvn com.test.plugins:myPlugin:myMojo) might result in unresolved properties even with <injectAllReactorProjects>true</injectAllReactorProjects>. Please refer to git-commit-id/maven-git-commit-id-plugin#287 or git-commit-id/maven-git-commit-id-plugin#413 (comment) for details and potential workarounds

Reporting Problems

If you find any problem with this plugin, feel free to report it here

Full Changelog: git-commit-id/git-commit-id-maven-plugin@v9.0.2...v9.1.0

Configuration

📅 Schedule: (in timezone Europe/Oslo)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 0e210c5 to 7e1383d Compare April 3, 2026 10:35
@renovate renovate Bot changed the title chore(deps): update dependency io.github.git-commit-id:git-commit-id-maven-plugin from v9.0.2 to v9.1.0 chore(deps): update dependency io.github.git-commit-id:git-commit-id-maven-plugin from v9.0.2 to v9.2.0 Apr 3, 2026
@renovate renovate Bot changed the title chore(deps): update dependency io.github.git-commit-id:git-commit-id-maven-plugin from v9.0.2 to v9.2.0 Update dependency io.github.git-commit-id:git-commit-id-maven-plugin from v9.0.2 to v9.2.0 Apr 8, 2026
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 7e1383d to 35b22cf Compare April 24, 2026 12:40
@renovate renovate Bot changed the title Update dependency io.github.git-commit-id:git-commit-id-maven-plugin from v9.0.2 to v9.2.0 Update all non-major dependencies (minor) Apr 24, 2026
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 24, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants