Bump the maven-build-plugins group across 1 directory with 3 updates

[dependabot]

Bumps the maven-build-plugins group with 3 updates in the / directory: org.apache.maven.plugins:maven-compiler-plugin, org.owasp:dependency-check-maven and org.sonatype.central:central-publishing-maven-plugin.

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

• Fix Java 25 compatibility during integration tests (#1020) @​desruisseaux
• [MCOMPILER-540] - useIncrementalCompilation=false may add generated sources to the sources list (#192) @​mensinda

👻 Maintenance

• Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1015) @​slachiewicz
• Remove declaration of "plexus-snapshots" repository (#1010) @​desruisseaux
• Works only with Maven 4.0.0 rc4 (#996) @​slachiewicz
• Enable Java 25 and Maven 4 in CI (#975) @​slachiewicz

📦 Dependency updates

• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#1016) @dependabot[bot]
• Bump plexusCompilerVersion from 2.16.1 to 2.16.2 (#1021) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1019) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#1008) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#1005) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#1007) @dependabot[bot]
• Bump maven-plugin-testing-harness to 3.4.0 (#1001) @​slawekjaranowski
• Bump plexusCompilerVersion from 2.16.0 to 2.16.1 (#999) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#993) @dependabot[bot]
• Bump plexusCompilerVersion from 2.15.0 to 2.16.0 (#992) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.8 to 9.9 (#981) @dependabot[bot]

Commits

• 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
• 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
• 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
• 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
• 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
• aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
• 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
• 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
• 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
• Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 12.1.9 to 12.2.0

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.2.0

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.2.0 (2026-01-09)

• feat: package and utilize generated suppression file (#8116)

• feat: override pnpm audit registry parameter (#8158)

• feat: support multiple cvssBelow thresholds per version (#2563) (#8024)

• feat: usage telemetry via scarf (#8066)

• feat: add new suppression xsd allowing grouping of suppressions (#7957)

• fix(ant): resolve relative paths against basedir (#8202)

• fix: add hint for Elastic APM Java agent CPE mapping (#8200)

• fix: Allow NVD data feed metadata downloads to fail on 1st Jan while logging correct errors (#8205)

• fix(ant): resolve paths relative to basedir for suppression and output

• fix: correct XML/JSON report CVSS field & HTML report URL mappings (#8156)

• fix: log GrokAssembly output when dotnet invocation fails (#8141)

• fix: correct reliability of Central etc (JCS cache) analyzers on Java 25/Docker by making CLI classpath deterministic (#8117)

• docs: Update & correct README (#8166)

• docs: update suppression schema version (#8136)

• docs: fix typos in some files (#8135)

• chore: remove duplicate suppression rules from base that are in the generated branch (#8138)

• chore: remove suppression rules that were deleted from the generatedSuppression branch (#8119)

• build: transition dependency to org.eclipse.parsson groupId (#8128)

• See the full listing of changes

Commits

• 909229e build: prepare release v12.2.0
• f6f3d76 chore: reset snapshot version and fix site
• 67d0d1a build: Release 12.2.0 (#8216)
• 6f46091 build: prepare for next development iteration
• 9ec772f build: prepare release v12.2.0
• e81b240 docs: prepare release 12.2.0
• 41f1cdf build(deps): bump junit.version from 5.14.1 to 5.14.2 (#8214)
• 26cfd65 build(deps): bump org.sonatype.central:central-publishing-maven-plugin from 0...
• f437aa0 fix(ant): resolve relative paths against basedir (#8202)
• 7f63b48 Merge branch 'main' into fix-7918-ant-relative-paths
• Additional commits viewable in compare view

Updates org.sonatype.central:central-publishing-maven-plugin from 0.9.0 to 0.10.0

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.