Skip to content

Bump maven-core.version from 3.9.15 to 3.9.16#1772

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/maven-core.version-3.9.16
Open

Bump maven-core.version from 3.9.15 to 3.9.16#1772
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/maven-core.version-3.9.16

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 10, 2026

Copy link
Copy Markdown
Contributor

Bumps maven-core.version from 3.9.15 to 3.9.16.
Updates org.apache.maven:maven-model from 3.9.15 to 3.9.16

Updates org.apache.maven:maven-model-builder from 3.9.15 to 3.9.16

Updates org.apache.maven:maven-embedder from 3.9.15 to 3.9.16

Updates org.apache.maven:maven-settings-builder from 3.9.15 to 3.9.16

Updates org.apache.maven:maven-resolver-provider from 3.9.15 to 3.9.16

Updates org.apache.maven:maven-artifact from 3.9.15 to 3.9.16

Updates org.apache.maven:maven-core from 3.9.15 to 3.9.16

Updates org.apache.maven:maven-settings from 3.9.15 to 3.9.16

Updates org.apache.maven:maven-compat from 3.9.15 to 3.9.16

Release notes

Sourced from org.apache.maven:maven-compat's releases.

3.9.16

🐛 Bug Fixes

📦 Dependency updates

Commits
  • 2bdd9fd [maven-release-plugin] prepare release maven-3.9.16
  • 229e9d7 Trim threadConfiguration to accept input surrounded with spaces
  • 7d5fd94 Bump org.codehaus.plexus:plexus-classworlds from 2.9.0 to 2.11.0 (#12039)
  • 0d100e5 [3.9.x] Bump to parent POM 48 (#12024)
  • 7ae7935 Backport: Maven 3.10.x fixes plugin resolution, by putting user in charge (#1...
  • 86fc95b Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#11980)
  • 029557a Bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre (#11951)
  • b5250f2 Bump actions/cache from 5.0.4 to 5.0.5 (#11943)
  • 7ef2c23 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps `maven-core.version` from 3.9.15 to 3.9.16.

Updates `org.apache.maven:maven-model` from 3.9.15 to 3.9.16

Updates `org.apache.maven:maven-model-builder` from 3.9.15 to 3.9.16

Updates `org.apache.maven:maven-embedder` from 3.9.15 to 3.9.16

Updates `org.apache.maven:maven-settings-builder` from 3.9.15 to 3.9.16

Updates `org.apache.maven:maven-resolver-provider` from 3.9.15 to 3.9.16

Updates `org.apache.maven:maven-artifact` from 3.9.15 to 3.9.16

Updates `org.apache.maven:maven-core` from 3.9.15 to 3.9.16

Updates `org.apache.maven:maven-settings` from 3.9.15 to 3.9.16

Updates `org.apache.maven:maven-compat` from 3.9.15 to 3.9.16
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](apache/maven@maven-3.9.15...maven-3.9.16)

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-model
  dependency-version: 3.9.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven:maven-model-builder
  dependency-version: 3.9.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven:maven-embedder
  dependency-version: 3.9.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven:maven-settings-builder
  dependency-version: 3.9.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven:maven-artifact
  dependency-version: 3.9.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven:maven-core
  dependency-version: 3.9.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven:maven-settings
  dependency-version: 3.9.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven:maven-compat
  dependency-version: 3.9.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jun 10, 2026
@github-actions

Copy link
Copy Markdown
Contributor

Mend Scan Results

Status: ⚠️ Findings detected

⚠️ SCA findings detected

⚠️ SAST findings detected

SCA scan output
son-module-jaxb-annotations-2.11.3.jar
			|-- jackson-core-2.19.2.jar [1 HIGH]
	|-- json-patch-1.9.jar
		|-- jackson-coreutils-1.6.jar
			|-- guava-28.1-jre.jar [1 MEDIUM, 1 LOW]
	|-- guava-28.1-jre.jar [1 MEDIUM, 1 LOW]
|-- mapdb-3.1.0.jar
	|-- guava-28.1-jre.jar [1 MEDIUM, 1 LOW]
	|-- lz4-1.3.0.jar [1 CRITICAL, 1 HIGH]
pnc-3.5.0-SNAPSHOT.jar
|-- auth-3.5.0-SNAPSHOT.jar
	|-- jackson-core-2.19.2.jar [1 HIGH]
	|-- jackson-databind-2.19.2.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
	|-- keycloak-installed-adapter-25.0.3.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
		|-- undertow-core-2.2.24.Final.jar [1 CRITICAL, 11 HIGH, 3 MEDIUM]
			|-- xnio-api-3.8.7.Final.jar [2 HIGH]
			|-- xnio-nio-3.8.7.Final.jar
				|-- xnio-api-3.8.7.Final.jar [2 HIGH]
		|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
		|-- keycloak-adapter-core-25.0.3.jar [1 MEDIUM]
			|-- jackson-core-2.19.2.jar [1 HIGH]
			|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
			|-- keycloak-core-25.0.3.jar [1 HIGH, 3 MEDIUM, 2 LOW]
			|-- keycloak-crypto-default-25.0.3.jar
				|-- bcpkix-jdk18on-1.74.jar [2 MEDIUM]
					|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
					|-- bcutil-jdk18on-1.74.jar
						|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
				|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
				|-- keycloak-core-25.0.3.jar [1 HIGH, 3 MEDIUM, 2 LOW]
				|-- keycloak-server-spi-private-25.0.3.jar [1 HIGH, 4 MEDIUM, 1 LOW]
					|-- keycloak-core-25.0.3.jar [1 HIGH, 3 MEDIUM, 2 LOW]
				|-- keycloak-server-spi-25.0.3.jar
					|-- keycloak-core-25.0.3.jar [1 HIGH, 3 MEDIUM, 2 LOW]
		|-- keycloak-adapter-spi-25.0.3.jar
			|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
		|-- keycloak-core-25.0.3.jar [1 HIGH, 3 MEDIUM, 2 LOW]
			|-- jackson-core-2.19.2.jar [1 HIGH]
			|-- keycloak-common-25.0.3.jar [2 MEDIUM]
|-- common-3.5.0-SNAPSHOT.jar
	|-- pom-manipulation-common-lite-5.3.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
	|-- pnc-common-3.5.0.jar
		|-- jsoup-1.22.2.jar
			|-- netty-codec-http-4.1.84.Final.jar [3 HIGH, 9 MEDIUM]
			|-- netty-handler-4.1.84.Final.jar [2 HIGH, 1 MEDIUM]
	|-- rest-api-3.5.0-java-client.jar
		|-- undertow-core-2.2.24.Final.jar [1 CRITICAL, 11 HIGH, 3 MEDIUM]
|-- config-3.5.0-SNAPSHOT.jar
	|-- jackson-core-2.19.2.jar [1 HIGH]
	|-- jackson-dataformat-yaml-2.19.2.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
|-- opentelemetry-ext-cli-java-2.0.0.jar
	|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
	|-- opentelemetry-exporter-otlp-1.51.0.jar
		|-- opentelemetry-exporter-otlp-common-1.51.0.jar
			|-- opentelemetry-exporter-common-1.51.0.jar
				|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
		|-- opentelemetry-sdk-metrics-1.51.0.jar
			|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
		|-- opentelemetry-sdk-trace-1.51.0.jar
			|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
	|-- opentelemetry-sdk-1.51.0.jar
		|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
		|-- opentelemetry-sdk-common-1.51.0.jar
			|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
		|-- opentelemetry-sdk-logs-1.51.0.jar
			|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
	|-- opentelemetry-semconv-1.29.0-alpha.jar
		|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
|-- rest-client-3.5.0.jar
	|-- jackson-datatype-jdk8-2.12.6.redhat-00001.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
	|-- jackson-datatype-jsr310-2.19.2.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
	|-- vertx-core-3.9.14.jar [1 MEDIUM]
		|-- jackson-core-2.19.2.jar [1 HIGH]
		|-- netty-buffer-4.1.84.Final.jar
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
		|-- netty-codec-http2-4.1.84.Final.jar [4 HIGH, 2 MEDIUM]
			|-- netty-codec-http-4.1.84.Final.jar [3 HIGH, 9 MEDIUM]
			|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-handler-4.1.84.Final.jar [2 HIGH, 1 MEDIUM]
		|-- netty-codec-http-4.1.84.Final.jar [3 HIGH, 9 MEDIUM]
			|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-handler-4.1.84.Final.jar [2 HIGH, 1 MEDIUM]
		|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
		|-- netty-handler-proxy-4.1.84.Final.jar [1 MEDIUM]
			|-- netty-codec-http-4.1.84.Final.jar [3 HIGH, 9 MEDIUM]
			|-- netty-codec-socks-4.1.84.Final.jar
				|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
				|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-handler-4.1.84.Final.jar [2 HIGH, 1 MEDIUM]
		|-- netty-handler-4.1.84.Final.jar [2 HIGH, 1 MEDIUM]
			|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-transport-native-unix-common-4.1.84.Final.jar
				|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
		|-- netty-resolver-dns-4.1.84.Final.jar [2 HIGH, 1 MEDIUM]
			|-- netty-codec-dns-4.1.84.Final.jar [1 HIGH]
				|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
				|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
				|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-handler-4.1.84.Final.jar [2 HIGH, 1 MEDIUM]
		|-- netty-resolver-4.1.84.Final.jar
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
		|-- netty-transport-4.1.84.Final.jar
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
	|-- common-3.5.0.jar
		|-- opentelemetry-instrumentation-annotations-2.24.0.jar
			|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]


No Policy violations were detected

Project 'bacon' was updated, for more information, visit the Mend platform: https://ibmets.whitesourcesoftware.com/app/orgs/Enterprise%20Applications/applications/summary?project=f85d9f1a-b4b0-47cd-8126-d6bf70df9ffc
Or the Core UI: https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!project;token=6d0c058f67e84d0886f851d7173c47c7ca091a6fdb1242cdbb51128e57035c41

Mend AI scan succeeded.

Support Token: 304f596a23126499e9ab8c5b2bfffe9691781098296134
SAST scan output
warning: 'KeycloakClientException' method could be abused to reveal sensitive internal information. (pig/src/main/java/org/jboss/pnc/bacon/pig/impl/addons/camel/TreeParser.java:246)
warning: 'sha1' method of 'hashlib' uses a non-recommended hash algorithm. (bacon_install.py:188)

Full logs and artifacts

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants