feat(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
eclipse-temurin	final	patch	21-jdk -> 21.0.6_7-jdk
maven		patch	3.9.6 -> 3.9.9
maven	final	patch	3.9.6-eclipse-temurin-21 -> 3.9.9-eclipse-temurin-21
maven-wrapper		minor	3.2.0 -> 3.3.2
com.puppycrawl.tools:checkstyle (source)	build	minor	8.29 -> 8.45.1
com.mycila:license-maven-plugin-git	build	minor	4.5 -> 4.6
com.mycila:license-maven-plugin (source)	build	minor	4.5 -> 4.6
net.alchim31.maven:scala-maven-plugin	build	minor	4.8.1 -> 4.9.2
org.sonatype.plugins:nexus-staging-maven-plugin (source)	build	minor	1.6.13 -> 1.7.0
org.apache.maven.plugins:maven-surefire-plugin	build	patch	3.5.0 -> 3.5.2
org.apache.maven.plugins:maven-site-plugin	build	minor	3.12.1 -> 3.21.0
org.apache.maven.plugins:maven-javadoc-plugin	build	minor	3.6.3 -> 3.11.2
org.apache.maven.plugins:maven-pmd-plugin	build	minor	3.25.0 -> 3.26.0
org.apache.maven.plugins:maven-failsafe-plugin	build	patch	3.5.0 -> 3.5.2
org.apache.maven.plugins:maven-checkstyle-plugin	build	minor	3.5.0 -> 3.6.0
io.fabric8:docker-maven-plugin	build	minor	0.31.0 -> 0.45.1
org.wiremock:wiremock (source)	test	minor	3.9.1 -> 3.11.0
org.scalacheck:scalacheck_2.12 (source)	test	patch	1.18.0 -> 1.18.1
io.mockk:mockk-jvm (source)	test	patch	1.13.12 -> 1.13.16
org.mockito:mockito-core	test	minor	5.13.0 -> 5.15.2
org.junit:junit-bom (source)	import	patch	5.11.0 -> 5.11.4
com.typesafe.akka:akka-testkit_2.12 (source)	test	patch	2.8.5 -> 2.8.8
com.typesafe.akka:akka-actor_2.12 (source)	test	patch	2.8.5 -> 2.8.8
org.scala-lang:scala-compiler (source)	test	minor	2.12.18 -> 2.13.16
ch.qos.logback:logback-core (source, changelog)	compile	patch	1.5.8 -> 1.5.13
ch.qos.logback:logback-classic (source, changelog)	compile	patch	1.5.8 -> 1.5.16
org.jetbrains.kotlinx:kotlinx-html-jvm	compile	minor	0.11.0 -> 0.12.0
org.jetbrains.kotlin:kotlin-maven-plugin (source)	build	minor	2.0.20 -> 2.1.10
org.jetbrains.kotlin:kotlin-bom (source)	import	minor	2.0.20 -> 2.1.10
io.projectreactor:reactor-bom (source)	import	patch	2023.0.10 -> 2023.0.14
io.netty:netty-bom (source)	import	patch	4.1.113.Final -> 4.1.117.Final
io.micrometer:micrometer-registry-jmx	compile	minor	1.13.6 -> 1.14.3
io.micrometer:micrometer-registry-graphite	compile	minor	1.13.6 -> 1.14.3
io.micrometer:micrometer-registry-prometheus-simpleclient	compile	minor	1.13.6 -> 1.14.3
io.micrometer:micrometer-core	compile	minor	1.13.6 -> 1.14.3
com.fasterxml.jackson:jackson-bom	import	minor	2.17.2 -> 2.18.2
com.google.guava:guava	compile	minor	33.3.0-jre -> 33.4.0-jre
io.dropwizard.metrics:metrics-jmx (source)	compile	patch	4.2.27 -> 4.2.30
io.dropwizard.metrics:metrics-healthchecks (source)	compile	patch	4.2.27 -> 4.2.30
io.dropwizard.metrics:metrics-graphite (source)	compile	patch	4.2.27 -> 4.2.30
io.dropwizard.metrics:metrics-json (source)	compile	patch	4.2.27 -> 4.2.30
io.dropwizard.metrics:metrics-jvm (source)	compile	patch	4.2.27 -> 4.2.30
io.dropwizard.metrics:metrics-core (source)	compile	patch	4.2.27 -> 4.2.30
net.bytebuddy:byte-buddy	compile	minor	1.15.1 -> 1.17.0
org.bouncycastle:bcpkix-jdk18on (source)	compile	minor	1.78.1 -> 1.80
org.apache.maven.plugins:maven-compiler-plugin	build	minor	3.11.0 -> 3.13.0
org.apache.maven.plugins:maven-jar-plugin	build	minor	3.3.0 -> 3.4.2

GitHub Vulnerability Alerts

CVE-2024-12798

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution.

Malicious logback configuration files can allow the attacker to execute arbitrary code using the JaninoEventEvaluator extension.

A successful attack requires the user to have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privilege.

CVE-2024-12801

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML.

The attacks involves the modification of DOCTYPE declaration in  XML configuration files.

---

Release Notes

sonatype/nexus-maven-plugins (org.sonatype.plugins:nexus-staging-maven-plugin)

v1.7.0

Compare Source

v1.6.14

Compare Source

fabric8io/docker-maven-plugin (io.fabric8:docker-maven-plugin)

v0.45.1: 0.45.1 (2024-09-29)

Compare Source

• Make copy docker-buildx binary to temporary config directory work on windows too (1819)
• Pull FROM images in relative path Dockerfiles (1823)

New Contributors

• @​tusharwebd made their first contribution in https://github.com/fabric8io/docker-maven-plugin/pull/1816
• @​jrnorth made their first contribution in https://github.com/fabric8io/docker-maven-plugin/pull/1824
• @​derHeinz made their first contribution in https://github.com/fabric8io/docker-maven-plugin/pull/1819

Full Changelog: fabric8io/docker-maven-plugin@v0.45.0...v0.45.1

v0.45.0: 0.45.0 (2024-07-27)

Compare Source

• Automatically create parent directories of portPropertyFile path (1761)
  • Use complete image id in DockerAccessWithHcClient while fetching image id (1764)
  • Add skip tag to the image level by <skipTag> (1787)
  • Remove usage of AnsiConsole (1791)
  • Gracefully handle 404 when removing container (1793)
  • Added support for platform attribute of a container in the docker-compose configuration.
  • Image Build Config BuildArgs should be passed while pulling images (1756)
  • docker:push failed with build ARG in FROM (1778)
  • Add the possibility to give secret to buildx build (1798
  • FROM can reference ARG that references other ARG (1800)

Thanks to our contributors ❤️ 🤗

• @​kevinleturc
• @​Willena
• @​attiand
• @​nodece
• @​mdxabu
• @​slawekjaranowski
• @​sebastiankirsch

v0.44.0: 0.44.0 (2024-02-17)

Compare Source

• Add new option "useDefaultExclusion" for build configuration to handle exclusion of hidden files (1708)
  • The option is now propagated down to the buildx command, if it is set in the section. (1717)
  • Fix Buildx build with Dockerfile outside of the Docker build context directory (1721)
  • Add support setting driverOpts for buildx (1704)
  • Multi-Architecture push is not sending pull registry auth credentials (1709)
  • Adding support for --cacheFrom and --cacheTo buildX arguments (1621)
  • Add support for using maven/system properties for an ARG used as the FROM image in a dockerfile (1731)
  • Revert workaround for checking docker version for checking whether to add docker --config flag or not. (1754)
  • Add a workaround to copy docker-buildx binary to temporary config directory created for docker buildx build. This seems to make docker recognize buildx even after config override. (1754)
  • Fix Windows volume bindings for Rancher, Podman and Windows-based containers (1719)
  • Extract the Docker Compose v2.1+ depends_on conditions and apply them as Docker Maven Plugin waiting configurations (888)
  • Update org.apache.maven:maven-core to 3.8.1 (1702)

Thanks to our contributors ❤️ 🤗

• @​thuva9872
• @​tadgh
• @​mruzicka
• @​Hellspam
• @​sdumitriu
• @​bergerst
• @​mdxabu
• @​poikilotherm

v0.43.4: 0.43.4 (2023-08-18)

Compare Source

• Always pass --config option for latest versions of Docker CLI (1701)

v0.43.3: 0.43.3 (2023-08-13)

Compare Source

• Only add --config to buildx command string when authentication credentials are coming from outside sources
  • Remove hardcoded --node value while creating buildx builder

v0.43.2: 0.43.2 (2023-07-29)

Compare Source

• Make --config from buildx command string generation optional (1673) @​robfrank

v0.43.1: 0.43.1 (2023-07-28)

Compare Source

• Resolve registry auth URL by registry ID (1688) @​wajda
  • Allow 'host-gateway' as non-resolvable hostname in extraHosts (1527) @​azaaiman
  • Bump guava from 31.1-jre to 32.0.1-jre (1686) @​dependabot
  • Bump jib-core from 0.23.0 to 0.24.0 (1686) @​rohanKanojia
  • Fix unauthorized error with buildx needing multiple credentials (1583) @​eocantu
  • Add logger to HTTP ping checker (1689) @​ryanrishi

v0.43.0: 0.43.0 (2023-05-20)

Compare Source

• Make buildx build single non-native platform if requested (1665) @​martyvona
  • Support for buildx option to disable attestations (1661) @​chonton

v0.42.1: 0.42.1 (2023-04-06)

Compare Source

• Update Jnr Jffi dependency to v1.3.11 (1660) @​rohanKanojia
  • Update run platform documentation (1652) @​chonton
  • buildx should split platforms by comma as documented (1651) @​chonton

v0.42.0: (2023-02-28)

Compare Source

• Support docker run --platform (1641) @​chonton
  • Update buildx documentation to amplify the build behavior (1646) @​chonton
  • Default to native platform when creating container (1645) @​chonton
  • JIB ignores the DOCKER_REGISTRY environment variable (1617) @​rohanKanojia

v0.41.0: 0.41.0 (2023-02-06):

Compare Source

• multi-arch build should use provided repository (1597) @​merikan
  • new property docker.build.network to override the network for RUN directives for docker build (1636) @​tulinkry
  • Update Jib Core to v0.23.0 (1637) @​rohanKanojia
  • Update JNR UnixSocket to v0.38.19 (1638) @​rohanKanojia

v0.40.3: 0.40.3 (2022-12-18)

Compare Source

• image/squash option is taken into account when using buildx (1605) @​kevinleturc
  • Allow having build args with same name but different value in various sources, which are overriden in the order of precedence in resulting build args map (1407) @​pavelsmolensky
  • Use double for docker.cpus property and interpret this value in the same way as Docker config option --cpus (1609) @​vjuranek
  • NPE from Assembly plugin when POM packaging is used (1146) @​slawekjaranowski
  • Docker pulling progress only shown after pull has completed and not in real-time (1598) @​causalnet
  • Bump org.yaml:snakeyaml to v1.32 (1619) @​pen4
  • Bump com.google.cloud.tools:jib-core to v0.23.0 (1620) @​pen4
  • Bump com.google.guava:guava to v31.1-jre @​rohanKanojia

v0.40.2: 0.40.2 (2022-07-31)

Compare Source

• Plugin doesn't abort building an image in case Podman is used and Dockerfile can't be processed (1562) @​jh-cd
  • Bump gson from 2.8.5 to 2.8.9 (1556) @​dependabot
  • Build and load native platform during build goal, build and push all platforms during push goal (1576) @​chonton
  • Remove buildx cache, don't delete builder instances after goal. Use builder instance to cache artifacts (1579) @​chonton
  • Multiple assemblies use the name "maven". Please assign each assembly a unique name (1558) @​tbfky
  • Use https://index.docker.io/v1/ as default buildx server registry (1574) @​chonton
  • When using buildx, do not force build of native platform (1572) @​chonton

v0.40.1: 0.40.1 (2022-06-11)

Compare Source

• buildx does not work when specifying Dockerfile location (1562) @​chonton
  • Use buildx, set tag to current version fails if it contains -SNAPSHOT (1566) @​chonton

v0.40.0: 0.40.0 (2022-05-29):

Compare Source

• Multi-architecture images using buildx (1502) @​chonton
  • Migrate to JUnit5 and Mockito for testing (1550) @​chonton
  • docker:stop should respect docker.skip even when docker.executeStopOnVMShutdown is set to true (1561) @​doyleyoung
  • Prevent concurrent access to secDispatcher during password decryption (1533) @​joserebelo
  • Support for docker run --sysctl parameters (1530) @​jpraet
  • Add missing dash to buildx --build-arg

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box