Bump the spdx-dependencies group with 3 updates by dependabot[bot] · Pull Request #171 · spdx/spdx-gradle-plugin

dependabot · 2026-03-06T02:03:50Z

Bumps the spdx-dependencies group with 3 updates: org.spdx:java-spdx-library, org.spdx:spdx-jackson-store and org.spdx:tools-java.

Updates org.spdx:java-spdx-library from 1.1.12 to 2.0.2

Release notes

Sourced from org.spdx:java-spdx-library's releases.

Release 2.0.2 of the SPDX Java Library

What's Changed

Update Maven Central badge by @bact in spdx/Spdx-Java-Library#356

Fix JavaDocs workflow by @goneall in spdx/Spdx-Java-Library#357

Update spdx-java-core version to 1.0.1 by @bact in spdx/Spdx-Java-Library#360

Add SPDX Java library family diagram by @bact in spdx/Spdx-Java-Library#359

Fix Maven Central link in README by @bact in spdx/Spdx-Java-Library#358

Bump org.sonatype.central:central-publishing-maven-plugin from 0.7.0 to 0.9.0 by @dependabot[bot] in spdx/Spdx-Java-Library#362

Bump org.owasp:dependency-check-maven from 12.1.5 to 12.1.6 by @dependabot[bot] in spdx/Spdx-Java-Library#365

Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 by @dependabot[bot] in spdx/Spdx-Java-Library#364

Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.3 to 3.12.0 by @dependabot[bot] in spdx/Spdx-Java-Library#363

Bump org.owasp:dependency-check-maven from 12.1.6 to 12.1.7 by @dependabot[bot] in spdx/Spdx-Java-Library#366

Add 2.X and 3.X support info to README by @bact in spdx/Spdx-Java-Library#367

Bump org.owasp:dependency-check-maven from 12.1.7 to 12.1.8 by @dependabot[bot] in spdx/Spdx-Java-Library#368

Add creationInfo during license parsing by @goneall in spdx/Spdx-Java-Library#370

Bump org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.2.0 by @dependabot[bot] in spdx/Spdx-Java-Library#371

Bump org.owasp:dependency-check-maven from 12.1.8 to 12.1.9 by @dependabot[bot] in spdx/Spdx-Java-Library#374

Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 by @dependabot[bot] in spdx/Spdx-Java-Library#373

Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.2 to 3.5.0 by @dependabot[bot] in spdx/Spdx-Java-Library#372

Update README-V3-UPGRADE.md by @bact in spdx/Spdx-Java-Library#361

Add cooldown to dependabot by @goneall in spdx/Spdx-Java-Library#375

Bump org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0 by @dependabot[bot] in spdx/Spdx-Java-Library#376

Add getProperty(propertyNamesList, defaultValue) by @bact in spdx/Spdx-Java-Library#326

Update Java Library versions by @goneall in spdx/Spdx-Java-Library#377

Full Changelog: spdx/Spdx-Java-Library@v2.0.1...v2.0.2

Release 2.0.1 of the SPDX Java Library

What's Changed

Update dependencies to latest patch version by @bact in spdx/Spdx-Java-Library#312

Fix a typo in GETTING-STARTED.md by @fviernau in spdx/Spdx-Java-Library#316

Add more details to upgrade docs by @pmonks in spdx/Spdx-Java-Library#318

Add links to API doc of SPDX Java libraries by @bact in spdx/Spdx-Java-Library#319

Add more API links to README by @bact in spdx/Spdx-Java-Library#321

spdx-maven-plugin == 1.0.2 by @bact in spdx/Spdx-Java-Library#323

Add Javadoc to org.spdx.utility.verificationcode by @bact in spdx/Spdx-Java-Library#327

Add Javadoc to CrossRefJson and ExceptionJsonTOC by @bact in spdx/Spdx-Java-Library#328

Bring back config code updates by @goneall in spdx/Spdx-Java-Library#325

Add Javadoc string for ParseInstruction by @bact in spdx/Spdx-Java-Library#329

Javadoc: Add to start of paragraphs by @bact in spdx/Spdx-Java-Library#330

Javadoc: Add javadoc string to ListedLicenses by @bact in spdx/Spdx-Java-Library#331

Add test case for matching '<>' by @goneall in spdx/Spdx-Java-Library#298

Pre-compile Patterns of removeCommentChars by @bact in spdx/Spdx-Java-Library#335

Check null to avoid null pointer exception by @bact in spdx/Spdx-Java-Library#334

Move quick return to top of method isStandardLicenseExceptionWithinText by @bact in spdx/Spdx-Java-Library#336

update isSingleToken to return false for null and empty strings by @goneall in spdx/Spdx-Java-Library#337

Bump org.apache.commons:commons-lang3 from 3.5 to 3.18.0 by @dependabot[bot] in spdx/Spdx-Java-Library#340

Fix minor typos in docs by @bact in spdx/Spdx-Java-Library#343

Update GitHub Actions version to latest by @bact in spdx/Spdx-Java-Library#344

... (truncated)

Commits

7b7ccf0 [maven-release-plugin] prepare release v2.0.2
e18f733 Update Java Library versions
92ca695 Update getProperty(list) Javadoc
ba054b7 Add getProperty(List<String> propertyNames)
ae0d6de Bump org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0
66c818f Merge pull request #375 from spdx/cooldown
09a6166 Add cooldown to dependabot
651470e Update README-V3-UPGRADE.md
fb38245 Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.2 to 3.5.0
2ee6aad Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0
Additional commits viewable in compare view

Updates org.spdx:spdx-jackson-store from 1.1.9.1 to 2.0.4

Release notes

Sourced from org.spdx:spdx-jackson-store's releases.

Release 2.0.4 of the SPDX Java Jackson Store

What's Changed

Bump org.owasp:dependency-check-maven from 12.1.5 to 12.1.6 by @dependabot[bot] in spdx/spdx-java-jackson-store#101

Bump org.sonatype.central:central-publishing-maven-plugin from 0.7.0 to 0.9.0 by @dependabot[bot] in spdx/spdx-java-jackson-store#100

Bump org.owasp:dependency-check-maven from 12.1.6 to 12.1.7 by @dependabot[bot] in spdx/spdx-java-jackson-store#102

Update README to indicate SPDX spec 2.X support only by @goneall in spdx/spdx-java-jackson-store#104

Bump org.owasp:dependency-check-maven from 12.1.7 to 12.1.8 by @dependabot[bot] in spdx/spdx-java-jackson-store#105

Bump com.fasterxml.jackson.dataformat:jackson-dataformat-yaml from 2.20.0 to 2.20.1 by @dependabot[bot] in spdx/spdx-java-jackson-store#106

Bump com.fasterxml.jackson.core:jackson-databind from 2.20.0 to 2.20.1 by @dependabot[bot] in spdx/spdx-java-jackson-store#107

Bump com.fasterxml.jackson.dataformat:jackson-dataformat-xml from 2.20.0 to 2.20.1 by @dependabot[bot] in spdx/spdx-java-jackson-store#108

Bump com.fasterxml.jackson.core:jackson-core from 2.20.0 to 2.20.1 by @dependabot[bot] in spdx/spdx-java-jackson-store#109

Bump org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.2.0 by @dependabot[bot] in spdx/spdx-java-jackson-store#110

Bump org.owasp:dependency-check-maven from 12.1.8 to 12.1.9 by @dependabot[bot] in spdx/spdx-java-jackson-store#112

Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.2 to 3.5.0 by @dependabot[bot] in spdx/spdx-java-jackson-store#111

Bump org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0 by @dependabot[bot] in spdx/spdx-java-jackson-store#113

Check SPDX version in deserialize by @goneall in spdx/spdx-java-jackson-store#114

Update library version by @goneall in spdx/spdx-java-jackson-store#115

Full Changelog: spdx/spdx-java-jackson-store@v2.0.3...v2.0.4

Release 2.0.3 of the SPDX Java Jackson Store

What's Changed

spdx-maven-plugin == 1.0.2 by @bact in spdx/spdx-java-jackson-store#88

Add Javadoc links to README by @bact in spdx/spdx-java-jackson-store#89

Update dependencies and add dependabot config by @goneall in spdx/spdx-java-jackson-store#91

Bump org.apache.maven.plugins:maven-source-plugin from 3.2.1 to 3.3.1 by @dependabot[bot] in spdx/spdx-java-jackson-store#96

Bump org.apache.maven.plugins:maven-gpg-plugin from 1.6 to 3.2.8 by @dependabot[bot] in spdx/spdx-java-jackson-store#95

Bump org.spdx:spdx-maven-plugin from 1.0.2 to 1.0.3 by @dependabot[bot] in spdx/spdx-java-jackson-store#94

Bump org.apache.maven.plugins:maven-javadoc-plugin from 2.9.1 to 3.12.0 by @dependabot[bot] in spdx/spdx-java-jackson-store#93

Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.1 by @dependabot[bot] in spdx/spdx-java-jackson-store#92

Bump org.owasp:dependency-check-maven from 8.4.3 to 12.1.5 by @dependabot[bot] in spdx/spdx-java-jackson-store#98

Bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.14.1 by @dependabot[bot] in spdx/spdx-java-jackson-store#97

Change publishing from sonatype to central by @goneall in spdx/spdx-java-jackson-store#99

Full Changelog: spdx/spdx-java-jackson-store@v2.0.2...v2.0.3

Patch release 2.0.2 of the SPDX Java Jackson Store

What's Changed

Fix JSON node sorting by @goneall in spdx/spdx-java-jackson-store#87

Full Changelog: spdx/spdx-java-jackson-store@v2.0.1...v2.0.2

Release 2.0 of the SPDX Java Jackson Store

What's Changed

Bump version of SPDX library and spdx maven plugin by @goneall in spdx/spdx-java-jackson-store#71

Support SPDX spec version 3 - BREAKING CHANGES by @goneall in spdx/spdx-java-jackson-store#72

Generate a warning if attempting to serialize SPDX V3 data by @goneall in spdx/spdx-java-jackson-store#74

... (truncated)

Commits

7d17bac [maven-release-plugin] prepare release v2.0.4
27c5bb2 Update library version
42f69e2 Check SPDX version in deserialize
f40c826 Bump org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0
6937104 Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.2 to 3.5.0
b08cc46 Bump org.owasp:dependency-check-maven from 12.1.8 to 12.1.9
76d0010 Bump org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.2.0
464ad28 Bump com.fasterxml.jackson.core:jackson-core from 2.20.0 to 2.20.1
2af6a59 Bump com.fasterxml.jackson.dataformat:jackson-dataformat-xml
f893b98 Bump com.fasterxml.jackson.core:jackson-databind from 2.20.0 to 2.20.1
Additional commits viewable in compare view

Updates org.spdx:tools-java from 1.1.8 to 2.0.4

Release notes

Sourced from org.spdx:tools-java's releases.

Release 2.0.4 of the SPDX Java Tools

Fixes a critical performance issue when verifying SPDX 3 documents

What's Changed

Revert json-schema-validator version to 1.5.9 by @goneall in spdx/tools-java#258

Full Changelog: spdx/tools-java@v2.0.3...v2.0.4

Release 2.0.3 of the SPDX Java Tools

What's Changed

Update README with current tools version by @goneall in spdx/tools-java#238

Example Java file to generate a full SPDX V3 JSONLD file by @goneall in spdx/tools-java#240

Update com.networknt:json-schema-validator from 1.5.9 to 2.0.0 by @goneall in spdx/tools-java#239

README: Update link of SPDX Online Tools by @bact in spdx/tools-java#243

Bump org.apache.ws.xmlschema:xmlschema-core from 2.3.1 to 2.3.2 by @dependabot[bot] in spdx/tools-java#244

Fix deprecated isLicenseCommmentsEquals by @bact in spdx/tools-java#245

Add Javadoc for SpdxToolsHelper by @bact in spdx/tools-java#246

Fix full SPDX example by @goneall in spdx/tools-java#247

Bump org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.2.0 by @dependabot[bot] in spdx/tools-java#250

Bump commons-io:commons-io from 2.20.0 to 2.21.0 by @dependabot[bot] in spdx/tools-java#251

Bump org.owasp:dependency-check-maven from 12.1.8 to 12.1.9 by @dependabot[bot] in spdx/tools-java#254

Add faster schema by @goneall in spdx/tools-java#248

Bump org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0 by @dependabot[bot] in spdx/tools-java#255

Update SPDX library versions by @goneall in spdx/tools-java#256

Full Changelog: spdx/tools-java@v2.0.2...v2.0.3

Release 2.0.2 of the SPDX Java Tools

What's Changed

Update README examples with new release versions by @goneall in spdx/tools-java#205

Update spdx-maven-plugin and spdx-jackson-store by @bact in spdx/tools-java#208

spdx-schema-v2.3.json: fix OPERATING-SYSTEM package intent by @xnox in spdx/tools-java#211

Add dependabot by @bact in spdx/tools-java#215

Bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.14.1 by @dependabot[bot] in spdx/tools-java#221

Bump org.apache.maven.plugins:maven-source-plugin from 3.2.1 to 3.3.1 by @dependabot[bot] in spdx/tools-java#220

Bump org.spdx:spdx-maven-plugin from 1.0.2 to 1.0.3 by @dependabot[bot] in spdx/tools-java#226

Bump org.spdx:spdx-tagvalue-store from 2.0.0 to 2.0.1 by @dependabot[bot] in spdx/tools-java#225

Update dependencies by @bact in spdx/tools-java#222

Remove redundant dependencies by @goneall in spdx/tools-java#227

Delete CONTRIBUTING.md from Spdx-Java-Library repo by @bact in spdx/tools-java#224

Add Javadoc build workflow by @bact in spdx/tools-java#223

Bump org.apache.maven.plugins:maven-gpg-plugin from 1.6 to 3.2.8 by @dependabot[bot] in spdx/tools-java#217

Switch publishing from Sonatype to Central by @goneall in spdx/tools-java#228

Update JavaDocs config by @goneall in spdx/tools-java#230

Bump org.owasp:dependency-check-maven from 12.1.6 to 12.1.8 by @dependabot[bot] in spdx/tools-java#233

Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.3 to 3.12.0 by @dependabot[bot] in spdx/tools-java#235

Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.1 to 3.6.2 by @dependabot[bot] in spdx/tools-java#234

Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.1 by @dependabot[bot] in spdx/tools-java#231

... (truncated)

Commits

93c22b8 [maven-release-plugin] prepare release v2.0.4
77a41de Revert json-schema-validator version to 1.5.9
de4734d [maven-release-plugin] prepare for next development iteration
a097f09 [maven-release-plugin] prepare release v2.0.3
0ce3002 Update SPDX library versions
ec1f663 Bump org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0
5f3620a Update schema to match generated schema
3bee0a4 Add faster schema
7a2ea0f Bump org.owasp:dependency-check-maven from 12.1.8 to 12.1.9
0ebc386 Bump commons-io:commons-io from 2.20.0 to 2.21.0
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the spdx-dependencies group with 3 updates: [org.spdx:java-spdx-library](https://github.com/spdx/Spdx-Java-Library), [org.spdx:spdx-jackson-store](https://github.com/spdx/spdx-java-jackson-store) and [org.spdx:tools-java](https://github.com/spdx/tools-java). Updates `org.spdx:java-spdx-library` from 1.1.12 to 2.0.2 - [Release notes](https://github.com/spdx/Spdx-Java-Library/releases) - [Changelog](https://github.com/spdx/Spdx-Java-Library/blob/master/RELEASE-CHECKLIST.md) - [Commits](spdx/Spdx-Java-Library@v1.1.12...v2.0.2) Updates `org.spdx:spdx-jackson-store` from 1.1.9.1 to 2.0.4 - [Release notes](https://github.com/spdx/spdx-java-jackson-store/releases) - [Changelog](https://github.com/spdx/spdx-java-jackson-store/blob/master/RELEASE-CHECKLIST.md) - [Commits](spdx/spdx-java-jackson-store@v1.1.9.1...v2.0.4) Updates `org.spdx:tools-java` from 1.1.8 to 2.0.4 - [Release notes](https://github.com/spdx/tools-java/releases) - [Changelog](https://github.com/spdx/tools-java/blob/master/RELEASE-CHECKLIST.md) - [Commits](spdx/tools-java@v1.1.8...v2.0.4) --- updated-dependencies: - dependency-name: org.spdx:java-spdx-library dependency-version: 2.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: spdx-dependencies - dependency-name: org.spdx:spdx-jackson-store dependency-version: 2.0.4 dependency-type: direct:production update-type: version-update:semver-major dependency-group: spdx-dependencies - dependency-name: org.spdx:tools-java dependency-version: 2.0.4 dependency-type: direct:production update-type: version-update:semver-major dependency-group: spdx-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Mar 6, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the spdx-dependencies group with 3 updates#171

Bump the spdx-dependencies group with 3 updates#171
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/gradle/spdx-dependencies-5639cd3ba6

dependabot bot commented on behalf of github Mar 6, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release 2.0.2 of the SPDX Java Library

What's Changed

Release 2.0.1 of the SPDX Java Library

What's Changed

Release 2.0.4 of the SPDX Java Jackson Store

What's Changed

Release 2.0.3 of the SPDX Java Jackson Store

What's Changed

Patch release 2.0.2 of the SPDX Java Jackson Store

What's Changed

Release 2.0 of the SPDX Java Jackson Store

What's Changed

Release 2.0.4 of the SPDX Java Tools

What's Changed

Release 2.0.3 of the SPDX Java Tools

What's Changed

Release 2.0.2 of the SPDX Java Tools

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Mar 6, 2026 •

edited

Loading