chore(deps): bump com.diffplug.spotless:spotless-maven-plugin from 3.5.0 to 3.5.1 by dependabot[bot] · Pull Request #3360 · operator-framework/java-operator-sdk
Bumps com.diffplug.spotless:spotless-maven-plugin from 3.5.0 to 3.5.1.
Release notes
Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.
Maven Plugin v3.5.1
Fixed
<licenseHeader>with<yearMode>SET_FROM_GIT</yearMode>no longer runsgit logthrough a shell, eliminating a shell-injection vector when formatting files whose names contain shell metacharacters.- Bump transitive
plexus-utils4.0.2->4.0.3to address CVE-2025-67030. (#2919)
Commits
0c48edfPublished maven/3.5.1c1595c8Published gradle/8.5.1b26b570Published lib/4.6.1ac3f6f1Bump plexus-utils to 4.0.3 to address CVE-2025-67030 (#2932)f5039f6Bump plexus-utils to 4.0.3 to address CVE-2025-670300e77837Fix shell-injection in LicenseHeaderStep SET_FROM_GIT mode (#2931)84f6423Fix shell-injection in LicenseHeaderStep SET_FROM_GIT mode- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)