maven-gpg-plugin

maven-gpg-plugin copied to clipboard

Bumps [org.apache.maven.shared:maven-invoker](https://github.com/apache/maven-invoker) from 3.2.0 to 3.3.0. Release notes Sourced from org.apache.maven.shared:maven-invoker's releases. 3.3.0 🚀 New features and improvements [MSHARED-1390] - Deprecate InvocationRequest#setGoals (#76) @​slawekjaranowski [MSHARED-1382] - support a possibility to...

dependabot[bot]

Bumps `resolverVersion` from 1.9.18 to 1.9.20. Updates `org.apache.maven.resolver:maven-resolver-api` from 1.9.18 to 1.9.20 Release notes Sourced from org.apache.maven.resolver:maven-resolver-api's releases. 1.9.20 Release Notes - Maven Resolver - Version 1.9.20 What's Changed [MRESOLVER-547]...

dependabot[bot]

Bumps [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils) from 3.5.1 to 4.0.1. Release notes Sourced from org.codehaus.plexus:plexus-utils's releases. 4.0.1 🚀 New features and improvements Add .gitignore to default excludes (#269) @​slawekjaranowski downgrade plexus-xml from 4 to...

dependabot[bot]

initial test at signing with sigstore

5

PoC using sigstore-java that does all the heavy sigstore work: https://github.com/sigstore/sigstore-java - copying `GpgSignAttachedMojo.java` logic to create `SigstoreSignAttachedMojo.java` (I will probably refactor `GpgSignAttachedMojo.java` later to make algorithm independant from signature...

hboutemy

Bumps commons-io:commons-io from 2.18.0 to 2.19.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependabot[bot]

Bumps [org.apache.maven.plugins:maven-plugins](https://github.com/apache/maven-parent) from 43 to 44. Release notes Sourced from org.apache.maven.plugins:maven-plugins's releases. 44 :boom: Breaking changes Move snapshot repositories in a profile (#451) @​slawekjaranowski Check test code by checkstyle (#228)...

dependabot[bot]

Bumps [org.simplify4u.plugins:pgpverify-maven-plugin](https://github.com/s4u/pgpverify-maven-plugin) from 1.18.2 to 1.19.1. Release notes Sourced from org.simplify4u.plugins:pgpverify-maven-plugin's releases. v1.19.1 What's Changed :hammer: Maintenance Remove duplicated warnings about revocation signature (#617) @​slawekjaranowski Improve errors message about invalid...

dependabot[bot]

Bumps `bouncycastleVersion` from 1.78.1 to 1.80. Updates `org.bouncycastle:bcpg-jdk18on` from 1.78.1 to 1.80 Changelog Sourced from org.bouncycastle:bcpg-jdk18on's changelog. 2.1.1 Version Release: 1.80 Date:      2025, 14th January. ... (truncated) Commits See full...

dependabot[bot]

Bumps [org.apache.maven.plugins:maven-invoker-plugin](https://github.com/apache/maven-invoker-plugin) from 3.8.0 to 3.9.0. Release notes Sourced from org.apache.maven.plugins:maven-invoker-plugin's releases. 3.8.1 [MINVOKER-371] - Upgrade to Doxia 2.0.0 GA Stack (#261) @​michael-o 📦 Dependency updates Bump org.apache.groovy:groovy-bom from 4.0.22...

dependabot[bot]

### New feature, improvement proposal It seems BC signer does not support subkeys?

cstamas