Bump the maven-deps group across 1 directory with 7 updates

[dependabot]

Bumps the maven-deps group with 7 updates in the / directory:

Package	From	To
com.puppycrawl.tools:checkstyle	13.2.0	13.4.0
org.checkerframework:checker-qual	3.53.1	3.54.0
net.bytebuddy:byte-buddy	1.18.5	1.18.7
net.bytebuddy:byte-buddy-agent	1.18.5	1.18.7
org.apache.maven.plugins:maven-resources-plugin	3.4.0	3.5.0
biz.aQute.bnd:bnd-maven-plugin	7.2.1	7.2.3
com.diffplug.spotless:spotless-maven-plugin	3.2.1	3.4.0

Updates com.puppycrawl.tools:checkstyle from 13.2.0 to 13.4.0

Release notes

Sourced from com.puppycrawl.tools:checkstyle's releases.

checkstyle-13.4.0

Checkstyle 13.4.0 - https://checkstyle.org/releasenotes.html#Release_13.4.0

Breaking backward compatibility:

#8315 - Improve violation message of ImportOrder

New:

#17565 - Line break must be present after { of non-empty block in switch rule #18065 - New Check: IllegalSymbol to forbit emoj in code

Bug fixes:

#18228 - False-positive: Suppress indentation check when quotes start at the left margin #17137 - UnnecessaryNullCheckWithInstanceOf ignores redundant null check for complex cases. #17842 - False-negative: Member names with underscores

... (truncated)

Commits

• ad2d2d2 [maven-release-plugin] prepare release checkstyle-13.4.0
• ac969f5 doc: release notes for 13.4.0
• b96d1c3 Issue #15456: Define violation messages for JavadocTagContinuationIndentation
• d47cde5 Issue #11163: Enforce file size on InputNeedBracesTestSwitchExpression
• bbb00f9 Issue #16361: add comment on testAddException
• 601213d Issue #12721: add Buildkite CI with mvn verify
• 95cecf8 dependency: bump org.openrewrite.recipe:rewrite-migrate-java
• 92dcd3d dependency: bump pmd.version from 7.22.0 to 7.23.0
• ab7a33c Issue #16361: Refactor testNewCtor
• 70cab66 Issue #16361: Add explanatory comment for testReadResourceWithInvalidName
• Additional commits viewable in compare view

Updates org.checkerframework:checker-qual from 3.53.1 to 3.54.0

Release notes

Sourced from org.checkerframework:checker-qual's releases.

Checker Framework 3.54.0

Version 3.54.0 (2026-03-02)

User-visible changes

Command-line arguments:

• Added -AinferOutputDirectory.
• Removed long-deprecated -Alint=forbidnonnullarraycomponents.

New command-line argument -Aonelinemsg puts error messages on a single line. This is useful when using a tool that only shows the first line of the error.

The command-line argument -Anomsgtext surrounds the error key with brackets instead of parenthesis. This matches Java error messages.

Implementation details

In AnnotatedTypeFactory, canonicalAnnotation() returns a non-null value.

In AnnotationClassLoader:

• Renamed hasWellDefinedTargetMetaAnnotation() to isTypeQualifierAnnotation(). The method now returns true for annotations bearing @InvisibleQualifier or @SubtypeOf, in addition to the existing @Target(TYPE_USE) check.

In TestDiagnostic:

• Renamed field message to key.
• Added new nullable field message for the full message without the key.

Removed classes and methods that have been deprecated for more than two years.

Closed issues

#6874, #7471, #7475, #7486.

Changelog

Sourced from org.checkerframework:checker-qual's changelog.

Version 3.54.0 (2026-03-02)

User-visible changes

Command-line arguments:

• Added -AinferOutputDirectory.
• Removed long-deprecated -Alint=forbidnonnullarraycomponents.

New command-line argument -Aonelinemsg puts error messages on a single line. This is useful when using a tool that only shows the first line of the error.

The command-line argument -Anomsgtext surrounds the error key with brackets instead of parenthesis. This matches Java error messages.

Implementation details

In AnnotatedTypeFactory, canonicalAnnotation() returns a non-null value.

In AnnotationClassLoader:

• Renamed hasWellDefinedTargetMetaAnnotation() to isTypeQualifierAnnotation(). The method now returns true for annotations bearing @InvisibleQualifier or @SubtypeOf, in addition to the existing @Target(TYPE_USE) check.

In TestDiagnostic:

• Renamed field message to key.
• Added new nullable field message for the full message without the key.

Removed classes and methods that have been deprecated for more than two years.

Closed issues

#6874, #7471, #7475, #7486.

Commits

• a6eff70 new release 3.54.0
• fd34700 Prep for release.
• edb6e7a Print error key in brackets (#7525)
• a79b1de Show details of the error message in test failures (#7513)
• a5ecc22 Clone the JDK using the same fork and branch as CF (#7491)
• 2770c52 Update cimg/base Docker tag to v2026.03
• bba6bc9 Update plugin com-gradleup-shadow to v9.3.2
• 3a6d4d4 Update error-prone monorepo to v2.48.0
• 70aa5f3 Update plugin net-ltgt-errorprone to v5.1.0
• 0dbd3e7 Prepare for javac AST changes
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy from 1.18.5 to 1.18.7

Release notes

Sourced from net.bytebuddy:byte-buddy's releases.

Byte Buddy 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

Changelog

Sourced from net.bytebuddy:byte-buddy's changelog.

1. March 2026: version 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

27. February 2026: version 1.18.6

Accidental release during rework of release pipeline. Functional, but with incorrect suffices.

Commits

• 9d76434 Releasing Byte Buddy 1.18.7
• 06498df [release] Release new version
• c74eae4 Fix pipeline and add note on accidental release.
• bc1c23a [release] Release new version
• 19a2ea4 Fix build profile.
• 33d544d Update Maven checksum extension.
• 2023f8a [release] Release new version
• bc535ba Complete reworked build script.
• 70f6a21 Add missing checksums for GPG.
• 2080329 Avoid release plugin altogether.
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy-agent from 1.18.5 to 1.18.7

Release notes

Sourced from net.bytebuddy:byte-buddy-agent's releases.

Byte Buddy 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

Changelog

Sourced from net.bytebuddy:byte-buddy-agent's changelog.

1. March 2026: version 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

27. February 2026: version 1.18.6

Accidental release during rework of release pipeline. Functional, but with incorrect suffices.

Commits

• 9d76434 Releasing Byte Buddy 1.18.7
• 06498df [release] Release new version
• c74eae4 Fix pipeline and add note on accidental release.
• bc1c23a [release] Release new version
• 19a2ea4 Fix build profile.
• 33d544d Update Maven checksum extension.
• 2023f8a [release] Release new version
• bc535ba Complete reworked build script.
• 70f6a21 Add missing checksums for GPG.
• 2080329 Avoid release plugin altogether.
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy-agent from 1.18.5 to 1.18.7

Release notes

Sourced from net.bytebuddy:byte-buddy-agent's releases.

Byte Buddy 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

Changelog

Sourced from net.bytebuddy:byte-buddy-agent's changelog.

1. March 2026: version 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

27. February 2026: version 1.18.6

Accidental release during rework of release pipeline. Functional, but with incorrect suffices.

Commits

• 9d76434 Releasing Byte Buddy 1.18.7
• 06498df [release] Release new version
• c74eae4 Fix pipeline and add note on accidental release.
• bc1c23a [release] Release new version
• 19a2ea4 Fix build profile.
• 33d544d Update Maven checksum extension.
• 2023f8a [release] Release new version
• bc535ba Complete reworked build script.
• 70f6a21 Add missing checksums for GPG.
• 2080329 Avoid release plugin altogether.
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-resources-plugin from 3.4.0 to 3.5.0

Release notes

Sourced from org.apache.maven.plugins:maven-resources-plugin's releases.

3.5.0

• Cleanup deps (#463) @​cstamas

🚀 New features and improvements

• Bug: use change detecton strategies (#462) @​cstamas

👻 Maintenance

• Add IT for #444 issue (#446) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#449) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#447) @​slawekjaranowski

📦 Dependency updates

• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.5.0 to 3.5.1 (#461) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 45 to 47 (#459) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#457) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#452) @dependabot[bot]

Commits

• ce485a0 [maven-release-plugin] prepare release maven-resources-plugin-3.5.0
• bfadfff Use maven-filtering 3.5.0 (staged)
• 3f74ba2 Drop commons-io; unused
• caefcde Bug: use change detecton strategies (#462)
• 38534e3 Cleanup deps (#463)
• 0814ec7 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#461)
• e2f9135 Bump org.apache.maven.plugins:maven-plugins from 45 to 47 (#459)
• a050be3 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#457)
• 1825b2a Bump mavenVersion from 3.9.11 to 3.9.12 (#452)
• ad31b55 Add IT for #444 issue
• Additional commits viewable in compare view

Updates biz.aQute.bnd:bnd-maven-plugin from 7.2.1 to 7.2.3

Release notes

Sourced from biz.aQute.bnd:bnd-maven-plugin's releases.

Bnd/Bndtools 7.2.3

This release fixes a mistake of previous 7.2.2. It does not contain any functional changes, but only a deprecation warning in the build if you are using the Sonatype Publishing feature. Other than that it is equal to 7.2.1

See Release Notes.

Full Changelog: bndtools/bnd@7.2.2...7.2.3

Bnd/Bndtools 7.2.2

Please ignore this release. We made a mistake, which we corrected in the next one.

See Release Notes.

Full Changelog: bndtools/bnd@7.2.1...7.2.2

Commits

• 635ffcf build: Build Release 7.2.3
• 2843b10 enable baselining again
• a71c9fa warning instead of error
• 1fd30f6 build: Build Release 7.2.3.RC1
• 8e6da4c Reapply "Add sonatype/MavenCentral repository support"
• 7c31a87 build: Build Release 7.2.2
• 9ff5041 build: Build Release 7.2.2.RC1
• 6c077e8 Revert "Add sonatype/MavenCentral repository support"
• See full diff in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.2.1 to 3.4.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.4.0

Added

• Add tableTest format type for standalone .table files. (#2880)

Changes

• Bump default tabletest-formatter version 1.0.1 -> 1.1.1, now works with Java 17+. (#2880)

Lib v3.3.1

Fixed

• GitPrePushHookInstaller didn't work on windows, now fixed. (#2562)

Lib v3.3.0

Added

• Allow specifying path to Biome JSON config file directly in biome step. Requires biome 2.x. (#2548)
• GitPrePushHookInstaller, a reusable library component for installing a Git pre-push hook that runs formatter checks. (#2553)
• Allow setting Eclipse XML config from a string, not only from files (#2361)

Changed

• Bump default gson version to latest 2.11.0 -> 2.13.1. (#2414)
• Bump default jackson version to latest 2.18.1 -> 2.19.2. (#2558)
• Bump default gherkin-utils version to latest 9.0.0 -> 9.2.0. (#2408)
• Bump default cleanthat version to latest 2.22 -> 2.23. (#2556)

Maven Plugin v3.3.0

Added

• Add tabletest-formatter support for Java and Kotlin. (#2860)

Fixed

• Fix the ability to specify a wildcard version (*) for external formatter executables, which did not work. (#2848)
• [fix] ConcurrentModificationException in expandWildcardImports (#2830)

Commits

• 708a1b0 Published maven/3.4.0
• 1cc0163 Published gradle/8.4.0
• a4cd808 Published lib/4.5.0
• 9066bf6 Add links to the changelog.
• db8dc1c Fix for illegal mutation issue with predeclareDeps (#2892)
• 0eb98a9 chore: Updated gradle plugin change
• 3f7f12e chore: Removes check for predeclare as it's not needed anymore
• 55c0c5c fix: IsolatedProjectTest.predeclaredIsUnsupported() is now actually supported...
• 47489af fix: avoid IllegalMutationException when root project uses predeclareDeps() w...
• 4010e8b test: Introduce a test harnessing predeclared deps
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions