build(deps): bump the maven-plugins group across 1 directory with 2 updates by dependabot[bot] · Pull Request #67 · eclipse-csi/codesign-tools

dependabot · 2026-05-29T11:28:00Z

Bumps the maven-plugins group with 2 updates in the / directory: dev.sigstore:sigstore-maven-plugin and org.apache.maven.plugins:maven-site-plugin.

Updates dev.sigstore:sigstore-maven-plugin from 2.0.0 to 2.1.0

Release notes

Sourced from dev.sigstore:sigstore-maven-plugin's releases.

v2.1.0

See CHANGELOG.md for more details.

What's Changed

Update versions after 2.0.0 release by @loosebazooka in sigstore/sigstore-java#1118

chore(deps): update sigstore/community digest to c0c5605 by @renovate[bot] in sigstore/sigstore-java#1119

fix(deps): update gradleup_nmcp to v1.3.0 by @renovate[bot] in sigstore/sigstore-java#1124

fix(deps): update dependency com.google.errorprone:error_prone_core to v2.45.0 by @renovate[bot] in sigstore/sigstore-java#1123

fix(deps): update dependency com.code-intelligence:jazzer-api to v0.28.0 by @renovate[bot] in sigstore/sigstore-java#1122

fix(deps): update bouncycastle to v1.83 by @renovate[bot] in sigstore/sigstore-java#1121

chore(deps): update actions/checkout action to v4.3.1 by @renovate[bot] in sigstore/sigstore-java#1120

ref(deps): Migrate UpdaterTest from Jetty to MockWebServer by @aaronlew02 in sigstore/sigstore-java#1125

workflows: schedule a weekly tuf-conformance run by @jku in sigstore/sigstore-java#1126

fix(deps): update dependency org.eclipse.jetty:jetty-server to v12.1.5 by @renovate[bot] in sigstore/sigstore-java#1128

fix(deps): update maven to v3.9.12 - autoclosed by @renovate[bot] in sigstore/sigstore-java#1129

chore(deps): update actions/setup-go action to v5.6.0 by @renovate[bot] in sigstore/sigstore-java#1130

chore(deps): update actions/setup-java action to v4.8.0 by @renovate[bot] in sigstore/sigstore-java#1131

fix(deps): update dependency org.mockito:mockito-bom to v5.21.0 by @renovate[bot] in sigstore/sigstore-java#1132

fix(deps): update dependency com.code-intelligence:jazzer-api to v0.29.1 by @renovate[bot] in sigstore/sigstore-java#1133

chore(deps): update sigstore/community digest to bafa89c by @renovate[bot] in sigstore/sigstore-java#1127

chore(deps): update actions/checkout action to v6 by @renovate[bot] in sigstore/sigstore-java#1137

fix(deps): update immutables to v2.12.0 by @renovate[bot] in sigstore/sigstore-java#1135

fix(deps): update gradleup_nmcp to v1.4.0 by @renovate[bot] in sigstore/sigstore-java#1134

Use StandardCharsets by @loosebazooka in sigstore/sigstore-java#1138

fix(test): Update sample bundle version from 0.2 to 0.1 by @aaronlew02 in sigstore/sigstore-java#1141

fix(deps): update protobuf_grpc by @renovate[bot] in sigstore/sigstore-java#1136

chore(deps): update actions/setup-go action to v6 by @renovate[bot] in sigstore/sigstore-java#1139

chore(deps): update actions/setup-java action to v5 by @renovate[bot] in sigstore/sigstore-java#1140

chore(deps): update actions/upload-artifact action to v6 by @renovate[bot] in sigstore/sigstore-java#1142

chore(deps): update google-github-actions/auth action to v3 by @renovate[bot] in sigstore/sigstore-java#1143

use full key fingerprints by @loosebazooka in sigstore/sigstore-java#1147

chore(deps): update google-github-actions/get-secretmanager-secrets action to v3 by @renovate[bot] in sigstore/sigstore-java#1144

Update conformance.yml to 0.0.25 by @loosebazooka in sigstore/sigstore-java#1149

chore(deps): update actions/setup-go action to v6.2.0 by @renovate[bot] in sigstore/sigstore-java#1155

fix(deps): update protobuf_grpc to v4.33.4 by @renovate[bot] in sigstore/sigstore-java#1154

fix(deps): update immutables to v2.12.1 by @renovate[bot] in sigstore/sigstore-java#1153

chore(deps): update sigstore/community digest to a959c6f by @renovate[bot] in sigstore/sigstore-java#1150

chore(deps): update gradle/actions action to v5 by @renovate[bot] in sigstore/sigstore-java#1158

fix(deps): update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.4.0 by @renovate[bot] in sigstore/sigstore-java#1157

fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v8 by @renovate[bot] in sigstore/sigstore-java#1159

fix(deps): update dependency com.google.errorprone:error_prone_core to v2.46.0 by @renovate[bot] in sigstore/sigstore-java#1156

fix(deps): update dependency org.junit:junit-bom to v5.14.2 by @renovate[bot] in sigstore/sigstore-java#1151

add nonce parameter to OIDC flow by @bobcallaway in sigstore/sigstore-java#1148

fix(deps): update dependency com.squareup.okhttp3:mockwebserver to v5 by @renovate[bot] in sigstore/sigstore-java#1163

fix(deps): update dependency com.github.vlsi.gradle-extensions:com.github.vlsi.gradle-extensions.gradle.plugin to v3 by @renovate[bot] in sigstore/sigstore-java#1160

fix(deps): update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v2 by @renovate[bot] in sigstore/sigstore-java#1162

fix(deps): update dependency com.google.http-client:google-http-client-bom to v2 by @renovate[bot] in sigstore/sigstore-java#1161

Add test for rekor v2 in prod by @loosebazooka in sigstore/sigstore-java#1165

Add prod attestation test by @aaronlew02 in sigstore/sigstore-java#1167

chore(deps): update plugin org.gradlex.build-parameters to v1.4.5 by @renovate[bot] in sigstore/sigstore-java#1172

... (truncated)

Changelog

Sourced from dev.sigstore:sigstore-maven-plugin's changelog.

[2.1.0] - 2026-05-21

Added

Add HTTP Fulcio client: sigstore/sigstore-java#1176

Fixed

Re-add and enhance SET verification in KeylessVerifier: sigstore/sigstore-java#1185

Commits

97d295e Merge pull request #1190 from sigstore/fix-nmcp-dependency
27bb927 add repositories for nmcp plugin to use
b529335 Merge pull request #1185 from sigstore/set-verification
49c27f1 Add KeylessVerifier test for expired certificates
87e2876 Re-add and enhance SET verification in KeylessVerifier
f6934e5 Merge pull request #1186 from sigstore/update-conformance
164ec97 Prioritize email over subject for SAN from OIDC token string
224cbcb Update conformance to latest
6d736e2 Merge pull request #1183 from sigstore/uri-resolve-replace
c2d39da Replace URI.resolve with URIFormat.appendPath
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-site-plugin from 3.21.0 to 3.22.0

Release notes

Sourced from org.apache.maven.plugins:maven-site-plugin's releases.

3.22.0

🚀 New features and improvements

Upgrade to Doxia 2.1.0 (#1269) @kwin

Upgrade to Doxia Site Tools 2.1.0 (1b3cff6) @kwin

Add blocking "auto-refresh" goal (#1267) @kwin

Allow to give alternative source directories (1b3cff6) @kwin

Throw UOE for unsupported MultiPageSinkFactory.createSink(...) overloads (a27b283) @kwin

📝 Documentation updates

Several site improvements (#1272) @kwin

Convert Site source from APT to Markdown (#1265) @kwin

👻 Maintenance

Fix GitHub CI configuration on new master (#1257) @slawekjaranowski

remove missing module (#1258) @hboutemy

[MSITE-977] - Remove broken links (#211) (#1256) @hboutemy

chore: Migrate Junit3/4 to Junit5 (#1243) @slawekjaranowski

Allow to manually execute release drafter (#236) @slawekjaranowski

Enable GitHub Issues (Maven 3) (#234) @Bukama

Drop additional configuration for requirementsHistories (#221) @slawekjaranowski

Convert to Guice injection (#218) @elharo

[MSITE-986] Refresh download page (12c8a9d0) @yuhaowin

Rename "Goals" to "Plugin Documentation" (f489a1e) @Bukama

📦 Dependency updates

Bump org.apache.maven.plugins:maven-plugins from 47 to 48 (#1271) @dependabot[bot]

Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in /src/it/projects/MSITE-497/apps/app (#1263) @dependabot[bot]

Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#1268) @dependabot[bot]

Backport Update to parent 47 to 3.x branch (#1235) (#1237) @Bukama

Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#1225) @dependabot[bot]

Bump org.apache.maven:maven-archiver from 3.6.5 to 3.6.6 (#1212) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#1207) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.4 (#1203) @dependabot[bot]

Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#1204) @dependabot[bot]

Bump jettyVersion from 9.4.56.v20240826 to 9.4.58.v20250814 (#1194) @dependabot[bot]

Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#1193) @dependabot[bot]

Commits

f9f7cc6 [maven-release-plugin] prepare release maven-site-plugin-3.22.0
f7b57ea Bump org.codehaus.plexus:plexus-interactivity-api from 1.3 to 1.5.1
282aa04 Several site improvements (#1272)
55ebd9f Upgrade to Doxia 2.1.0
93ecbb6 Improve goal description
106d259 Improve error messages
a7511e9 Fix additional PR comments
c3c1c0f Rename from "hot-reload" to "auto-refresh"
5fb1504 Add blocking "hot-reload" goal
2d9a489 Bump org.apache.maven.plugins:maven-plugins from 47 to 48 (#1271)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…pdates Bumps the maven-plugins group with 2 updates in the / directory: [dev.sigstore:sigstore-maven-plugin](https://github.com/sigstore/sigstore-java) and [org.apache.maven.plugins:maven-site-plugin](https://github.com/apache/maven-site-plugin). Updates `dev.sigstore:sigstore-maven-plugin` from 2.0.0 to 2.1.0 - [Release notes](https://github.com/sigstore/sigstore-java/releases) - [Changelog](https://github.com/sigstore/sigstore-java/blob/main/CHANGELOG.md) - [Commits](sigstore/sigstore-java@v2.0.0...v2.1.0) Updates `org.apache.maven.plugins:maven-site-plugin` from 3.21.0 to 3.22.0 - [Release notes](https://github.com/apache/maven-site-plugin/releases) - [Commits](apache/maven-site-plugin@maven-site-plugin-3.21.0...maven-site-plugin-3.22.0) --- updated-dependencies: - dependency-name: dev.sigstore:sigstore-maven-plugin dependency-version: 2.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-plugins - dependency-name: org.apache.maven.plugins:maven-site-plugin dependency-version: 3.22.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-plugins ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies This issue or pull request is about third-party dependencies label May 29, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the maven-plugins group across 1 directory with 2 updates#67

build(deps): bump the maven-plugins group across 1 directory with 2 updates#67
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/maven-plugins-75c59af7ae

dependabot Bot commented on behalf of github May 29, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 29, 2026

v2.1.0

What's Changed

[2.1.0] - 2026-05-21

Added

Fixed

3.22.0

🚀 New features and improvements

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants