chore(deps): bump the production-dependencies group with 8 updates

[dependabot]

Bumps the production-dependencies group with 8 updates:

Package	From	To
org.codehaus.groovy:groovy	3.0.19	3.0.21
org.codehaus.groovy:groovy-ant	3.0.19	3.0.21
org.apache.maven.plugins:maven-assembly-plugin	3.6.0	3.7.1
org.apache.maven.plugins:maven-dependency-plugin	3.6.0	3.6.1
org.codehaus.gmavenplus:gmavenplus-plugin	3.0.0	3.0.2
org.codehaus.mojo:build-helper-maven-plugin	3.4.0	3.5.0
org.codehaus.mojo:flatten-maven-plugin	1.5.0	1.6.0
org.apache.maven.plugins:maven-gpg-plugin	3.1.0	3.2.4

Updates org.codehaus.groovy:groovy from 3.0.19 to 3.0.21

Commits

• See full diff in compare view

Updates org.codehaus.groovy:groovy-ant from 3.0.19 to 3.0.21

Commits

• See full diff in compare view

Updates org.codehaus.groovy:groovy-ant from 3.0.19 to 3.0.21

Commits

• See full diff in compare view

Updates org.apache.maven.plugins:maven-assembly-plugin from 3.6.0 to 3.7.1

Release notes

Sourced from org.apache.maven.plugins:maven-assembly-plugin's releases.

3.7.1

Release Notes - Maven Assembly Plugin - Version 3.7.1

What's Changed

• [MASSEMBLY-1023] Bump org.apache.maven.shared:maven-filtering from 3.3.1 to 3.3.2 by @​dependabot in apache/maven-assembly-plugin#192
• [MASSEMBLY-1024] Bump org.apache.commons:commons-compress from 1.25.0 to 1.26.1 by @​dependabot in apache/maven-assembly-plugin#191
• [MASSEMBLY-1025] Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 by @​dependabot in apache/maven-assembly-plugin#195
• [MASSEMBLY-1022] Unresolved artifacts should be not processed by @​slawekjaranowski in apache/maven-assembly-plugin#194

Full Changelog: apache/maven-assembly-plugin@maven-assembly-plugin-3.7.0...maven-assembly-plugin-3.7.1

3.7.0

Release Notes - Maven Assembly Plugin - Version 3.7.0

... (truncated)

Commits

• 0afbb3e [maven-release-plugin] prepare release maven-assembly-plugin-3.7.1
• 74e858a [MASSEMBLY-1022] Unresolved artifacts should be not processed
• cb56382 [MASSEMBLY-1025] Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2...
• 86bbed0 [MASSEMBLY-1024] Bump org.apache.commons:commons-compress from 1.25.0 to 1.26...
• bdcc4d0 [MASSEMBLY-1023] Bump org.apache.maven.shared:maven-filtering from 3.3.1 to 3...
• 74fe92e [maven-release-plugin] prepare for next development iteration
• 9be6e87 [maven-release-plugin] prepare release maven-assembly-plugin-3.7.0
• e8630dc Bump apache/maven-gh-actions-shared from 3 to 4
• 98f97a5 Bump org.postgresql:postgresql in /src/it/projects/bugs/massembly-730
• c84e110 [MASSEMBLY-1019] Maven 3.6.3 as minimum requirements
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.6.0 to 3.6.1

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.6.1

What's Changed

• move commons-io to test scope by @​elharo in apache/maven-dependency-plugin#323
• [MDEP-869] update commons-collections to 4.4 by @​elharo in apache/maven-dependency-plugin#324
• [MDEP-868] update maven-shared-utils to 3.4.2 by @​elharo in apache/maven-dependency-plugin#322
• Tighten language by @​elharo in apache/maven-dependency-plugin#327
• [MDEP-872] update commons-io to 2.13.0 by @​elharo in apache/maven-dependency-plugin#326
• MDEP-875 prevent possible NPE by @​rosti-il in apache/maven-dependency-plugin#328
• Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0 by @​dependabot in apache/maven-dependency-plugin#330
• [MDEP-832] - Remove commons-collections-4 by @​khmarbaise in apache/maven-dependency-plugin#255
• [MDEP-883] - Upgrade maven-plugin parent to 40 by @​khmarbaise in apache/maven-dependency-plugin#332
• [MNG-6847] Use diamond operator by @​timtebeek in apache/maven-dependency-plugin#335

New Contributors

• @​rosti-il made their first contribution in apache/maven-dependency-plugin#328

Full Changelog: apache/maven-dependency-plugin@maven-dependency-plugin-3.6.0...maven-dependency-plugin-3.6.1

Commits

• 4d18cfb [maven-release-plugin] prepare release maven-dependency-plugin-3.6.1
• 34348ec [MNG-6847] Use diamond operator
• 0062083 [MDEP-883] - Upgrade maven-plugin parent to 40
• c6973da [MDEP-832] - Remove commons-collections-4
• 0243c41 Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0
• 4ed696e Add Javadoc 'author' tag to prevent dangling contributor name
• 3c877fb MDEP-875 prevent possible NPE
• 9e479d4 [MDEP-872] update commons-io to 2.13.0 (#326)
• 03bc34e Tighten language (#327)
• 694655d MDEP-868 update maven-shared-utils to 3.4.2 (#322)
• Additional commits viewable in compare view

Updates org.codehaus.gmavenplus:gmavenplus-plugin from 3.0.0 to 3.0.2

Release notes

Sourced from org.codehaus.gmavenplus:gmavenplus-plugin's releases.

3.0.2

Bugs

#280 The 3.0.1 jar was corrupt (thanks @​eugene-sadovsky for reporting this!).

Enhancements

• #279 Fix CVE-2023-42503.

Potentially breaking changes

None.

Notes

The CVE fixed were related to dependencies of the plugin. While I haven't done an analysis of whether they were exploitable (since this is a Maven plugin and not an application), it seems unlikely.

3.0.1

Bugs

• #276 Fix that enabling skipBytecodeCheck causes the Groovy version to be reported as not supporting the goal (thanks for reporting this @​jgenoctr!).

Enhancements

• #264 Support targeting Java 21 bytecode (thanks @​bmarwell!).
• #253 Fix CVE-2020-8908 and CVE-2023-2976.
• Fix CVE-2023-37460 (242baa86cc3e900fdb47d4dc67db6c4932826645 and 623a56f6d8c3174f7618fc9c96d32b9e9d4186ac).

Potentially breaking changes

None.

Notes

The CVEs fixed were related to dependencies of the plugin. While I haven't done an analysis of whether they were exploitable (since this is a Maven plugin and not an application), it seems unlikely.

Commits

• 1ccbda1 [maven-release-plugin] prepare release 3.0.2
• fef1c6d Merge pull request #279 from groovy/cve-2023-42503
• dc54800 Fix CVE-2023-42503
• 4f04c7d [maven-release-plugin] prepare for next development iteration
• 8578aff [maven-release-plugin] prepare release 3.0.1
• 33a8c05 Merge pull request #278 from groovy/update-maven
• 782fec0 Update Maven version in wrapper
• f6c1c56 Merge pull request #277 from groovy/fix-bytecode-check
• 4e44955 Fix bytecode check condition (closes #276)
• ae9883f Merge pull request #275 from groovy/intellij-suggestions
• Additional commits viewable in compare view

Updates org.codehaus.mojo:build-helper-maven-plugin from 3.4.0 to 3.5.0

Release notes

Sourced from org.codehaus.mojo:build-helper-maven-plugin's releases.

3.5.0

Changes

🚀 New features and improvements

• Add skipIfMissing flag (#187) @​hgschmie
• Add skip flags (#186) @​hgschmie
• Deprecate maven-version goal (#191) @​slawekjaranowski

📦 Dependency updates

• Bump org.codehaus.mojo:mojo-parent from 76 to 77 (#190) @​dependabot
• Bump mojo-parent from 75 to 76 (#185) @​dependabot
• Bump mojo-parent from 74 to 75 (#184) @​dependabot
• Bump plexus-utils from 3.5.1 to 4.0.0 (#183) @​dependabot
• Bump maven-plugin-annotations from 3.8.2 to 3.9.0 (#182) @​dependabot

👻 Maintenance

• Use plugins versions from parent in ITs (#192) @​slawekjaranowski
• Use Maven Apache shared GitHub action (#189) @​slawekjaranowski
• Fix antrun version in ITs (#188) @​slawekjaranowski
• Bump mojo-parent from 75 to 76 (#185) @​dependabot

Commits

• 820d0a8 [maven-release-plugin] prepare release 3.5.0
• 497a9f5 Use plugins versions from parent in ITs
• ad1076e Add skipIfMissing flag (#187)
• faab936 Bump project version to next minor 3.5.0
• b49b7e6 Add skip flags (#186)
• 2237441 Deprecate maven-version goal
• ef477d8 Drop stale action
• 3df0c7f Bump org.codehaus.mojo:mojo-parent from 76 to 77
• e6e9ba6 Use Maven Apache shared GitHub action
• d7cb1c5 Fix antrun version in ITs
• Additional commits viewable in compare view

Updates org.codehaus.mojo:flatten-maven-plugin from 1.5.0 to 1.6.0

Release notes

Sourced from org.codehaus.mojo:flatten-maven-plugin's releases.

1.6.0

🚀 New features and improvements

• Require Maven 3.6.3 as minimum (#399) @​slawekjaranowski
• Make the default operation configurable (#371) @​hgschmie
• Add skip flags (#385) @​korthout
• Make more elements configurable in pomElements (#370) @​hgschmie

🐛 Bug Fixes

• Fix next ITs for Maven 4 (#393) @​slawekjaranowski
• #376 🐛 - Support interpolation for external profile properties (#378) @​CedricMtta

📦 Dependency updates

• Bump plexus-utils from 3.5.1 to 4.0.0 (#359) @​dependabot
• Bump org.codehaus.mojo:mojo-parent from 77 to 78 (#392) @​dependabot
• Bump org.assertj:assertj-core from 3.24.2 to 3.25.1 (#391) @​dependabot
• Bump org.codehaus.plexus:plexus-interpolation from 1.26 to 1.27 (#389) @​dependabot
• Bump commons-io:commons-io from 2.15.0 to 2.15.1 (#388) @​dependabot
• Bump commons-io:commons-io from 2.14.0 to 2.15.0 (#381) @​dependabot
• Bump org.codehaus.mojo:mojo-parent from 76 to 77 (#380) @​dependabot
• Bump commons-io:commons-io from 2.13.0 to 2.14.0 (#375) @​dependabot
• upgrade sisu.inject: fixes Reproducible Builds (#357) @​hboutemy
• Bump guava from 31.1-jre to 32.0.0-jre in /src/it/projects/bom-pomElements/bom (#364) @​dependabot
• Bump guava from 31.1-jre to 32.0.0-jre in /src/it/projects/flatten-shaded-drp (#365) @​dependabot
• Bump guava from 31.1-jre to 32.0.0-jre in /src/it/projects/bom-flattenMode/bom (#363) @​dependabot
• Bump mojo-parent from 74 to 76 (#366) @​dependabot
• Bump commons-io from 2.12.0 to 2.13.0 (#361) @​dependabot
• Bump commons-io from 2.11.0 to 2.12.0 (#358) @​dependabot

👻 Maintenance

• upgrade sisu.inject: fixes Reproducible Builds (#357) @​hboutemy

🔧 Build

• Use default config for build (#398) @​slawekjaranowski
• Use Shared ASF Action from Release Drafter - fix (#396) @​slawekjaranowski
• Use Shared ASF Action from Release Drafter (#395) @​slawekjaranowski
• Use Maven 3.9.6 for build (#394) @​slawekjaranowski

Commits

• e2dcb2a [maven-release-plugin] prepare release 1.6.0
• d709190 Require Maven 3.6.3 as minimum
• 96d1acd Use default config for build
• 33b4219 Bump plexus-utils from 3.5.1 to 4.0.0 (#359)
• df9e9e8 Use Shared ASF Action from Release Drafter - fix
• d30a84d Use Shared ASF Action from Release Drafter
• c6f8e45 Make the default operation configurable
• 9065dba Use Maven 3.9.6 for build
• 9aa051f Fix next ITs for Maven 4
• adcac60 Bump org.codehaus.mojo:mojo-parent from 77 to 78
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.4

Release notes

Sourced from org.apache.maven.plugins:maven-gpg-plugin's releases.

3.2.4

Release Notes - Maven GPG Plugin - Version 3.2.4

---

• [MGPG-125] - Fix "bestPractices" (#95) @​cstamas

📦 Dependency updates

• Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#94) @​dependabot

3.2.3

Release Notes - Maven GPG Plugin - Version 3.2.3

... (truncated)

Commits

• 789149e [maven-release-plugin] prepare release maven-gpg-plugin-3.2.4
• 893aedc [MGPG-125] Fix "bestPractices" (#95)
• b6f0324 [MGPG-126] Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#94)
• 3c5878b [maven-release-plugin] prepare for next development iteration
• 89b91a4 [maven-release-plugin] prepare release maven-gpg-plugin-3.2.3
• fc2efa3 [MGPG-123][MGPG-124] Dependency upgrades (#93)
• 50222d3 [MGPG-120] New mojo sign-deployed (#88)
• a6c3a09 [MGPG-122] Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.0 to 3...
• 78f5e37 [MGPG-121] Return the workaround for pseudo security (#90)
• 582df74 [MGPG-117] Improve passphrase handling (#86)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions