Update dependency org.codehaus.gmavenplus:gmavenplus-plugin to v5 #200

Open
renovate[bot] wants to merge 1 commit into master from renovate-sbg/org.codehaus.gmavenplus-gmavenplus-plugin-5.x
@renovate renovate Bot commented Jun 6, 2026

This PR contains the following updates:

Package | Change
org.codehaus.gmavenplus:gmavenplus-plugin (source) | 1.12.1 → 5.0.0

Release Notes

groovy/GMavenPlus (org.codehaus.gmavenplus:gmavenplus-plugin)

v5.0.0

Compare Source

Bugs
  • Fix Javadoc mismatch in ReflectionUtils.getDeclaredMethods (#365)
  • Remove unneeded fork parameter (#361)
  • Fix Groovy 5 shell support (closes #367) (#380)
Enhancements
Potentially breaking changes
  • Removed the fork parameter
  • GMavenPlus no longer includes JLine, Jansi, Ant, or Ivy dependencies
Notes
  • GMavenPlus used to include Jansi 2.4 and JLine 2.14.6 so that Groovy 2.2.0-beta-1 and newer would have colors work in Groovysh out of the box. However, JLine 2 is EOL, Groovy 5.x uses JLine 3, and Groovy 6.x uses JLine 4. Additionally, Maven 3.9 introduces a JLine 2.x into the classpath. This meant that Groovy 5.x and 6.x would never have their colors work with Maven 3.9.
  • GMavenPlus used to include Ant and Ivy, to make it easy to use @Grab and AntBuilder in scripts, Groovysh, and Groovy Console. The need to remove JLine/Jansi gave a reason to revisit this philosophy. Here are the reasons why this was abandoned.
    • The plugin version can win over the version in the project (unless you make sure to use an <exclusion>)
    • To avoid downloading dependencies you may or may not need
    • If future Groovy versions use other versions of Ant/Ivy (like we ran into with JLine/Jansi), we'll have a similar breaking change needed
  • Here are examples of how to add back the dependencies you need
    <plugin>
      <groupId>org.codehaus.gmavenplus</groupId>
      <artifactId>gmavenplus-plugin</artifactId>
      <version>5.0.0</version>
      <executions>
        <execution>
          <goals>
            <goal>execute</goal>
          </goals>
        </execution>
      </executions>
      <dependencies>
        <!-- Add Apache Ant if using AntBuilder -->
        <dependency>
          <groupId>org.apache.ant</groupId>
          <artifactId>ant</artifactId>
          <version>1.10.15</version>
        </dependency>
        <!-- Add Apache Ivy if using @Grab -->
        <dependency>
          <groupId>org.apache.ivy</groupId>
          <artifactId>ivy</artifactId>
          <version>2.5.3</version>
        </dependency>
        <!-- Add JLine 2 if using shell with Groovy 2.x/3.x/4.x -->
        <dependency>
          <groupId>jline</groupId>
          <artifactId>jline</artifactId>
          <version>2.14.6</version>
        </dependency>
        <!-- Add JAnsi 1.x for terminal colors with JLine 2 -->
        <dependency>
          <groupId>org.fusesource.jansi</groupId>
          <artifactId>jansi</artifactId>
          <version>1.18</version>
        </dependency>
      </dependencies>
    </plugin>

Full Changelog: groovy/GMavenPlus@4.3.1...5.0.0

v4.3.1

Compare Source

Bugs
  • Fixed an issue where the compile goal would fail when there were no Groovy sources to compile (#358).
Enhancements

None

Potentially breaking changes

None

Notes

Full Changelog: groovy/GMavenPlus@4.3.0...4.3.1

v4.3.0

Compare Source

Bugs
Enhancements
  • Support toolchains for compilation, GroovyDoc, and stub generation (#349 and #356). You can also opt-in to using a forked process using the new fork parameter.
Potentially breaking changes

None

Notes

Full Changelog: groovy/GMavenPlus@4.2.1...4.3.0

v4.2.1

Compare Source

Bugs
  • Fix compatibility with Groovy 4.0.27 and 5.0.0-beta-1 which changed (GROOVY-11668) the signature of the GroovyDocTool constructor (#335).
Enhancements

None.

Potentially breaking changes

None.

Notes

None.

v4.2.0

Compare Source

Bugs

None

Enhancements
Potentially breaking changes

None

Notes

None

v4.1.1

Compare Source

Bugs
  • Accidentally changed required Maven version from >=3.6.3 to >=3.9.9 (#324).
Enhancements

None

Potentially breaking changes

None

Notes

None

v4.1.0

Compare Source

Bugs

None

Enhancements
  • Add a property for scripts parameter, so it can be specified from the command line (#316).
  • Add timeouts for connecting and reading from scripts URLs (#317).
Potentially breaking changes

None

Notes

None

v4.0.1

Compare Source

Bugs
  • Fix broken plugin due to problems encountered during release process (#314)
Enhancements

None

Potentially breaking changes

None

Notes

None

v4.0.0

Compare Source

Bugs

None

Enhancements
  • Support Java 22 and 23 (#302)
  • Multiple dependency upgrades, including some that fixed CVEs
  • Added a warning about using SecurityManager to prevent System.exit() calls. JEP 411 deprecated SecurityManager in Java 17, for future removal. It is unclear what it will be replaced with for the use case of preventing System.exit() usages. JDK-8199704 is one possibility.
Potentially breaking changes
  • Updated the required Maven version to 3.6.3 to conform to the compatibility plan (#309)
Notes

None

v3.0.2

Compare Source

Bugs

[#280] The 3.0.1 jar was corrupt (thanks @eugene-sadovsky for reporting this!).

Enhancements
Potentially breaking changes

None.

Notes

The CVEs fixed were related to dependencies of the plugin. While I haven't done an analysis of whether they were exploitable (since this is a Maven plugin and not an application), it seems unlikely.

v3.0.1

Compare Source

Bugs
  • [#276] Fix that enabling skipBytecodeCheck causes the Groovy version to be reported as not supporting the goal (thanks for reporting this @jgenoctr!).
Enhancements
Potentially breaking changes

None.

Notes

The CVEs fixed were related to dependencies of the plugin. While I haven't done an analysis of whether they were exploitable (since this is a Maven plugin and not an application), it seems unlikely.

v3.0.0

Compare Source

Bugs
Enhancements
Potentially breaking changes

Maven's compatibility plan marked Maven versions older than 3.2.5 as EOL in March 2023. Therefore, we now require 3.2.5 to move forward with the rest of the ecosystem.

Notes

Fixing the validation warnings removed some Maven dependencies from the plugin's classpath (instead of using the ones from Maven itself). I'm not aware of any negative consequences of this, but it's possible certain specialized use cases might encounter changes in behavior.

v2.1.0

Compare Source

Bugs

None.

Enhancements
  • [#230] Recognize JDK 19 as a valid target bytecode.
  • [#232] Recognize JDK 20 as a valid target bytecode.
Potentially breaking changes

None.

Notes

None.

v2.0.0

Compare Source

Bugs

None.

Enhancements
  • [#210] Improve error messages when Groovy classes can't be located (avoiding the NullPointerExceptions that were causing confusion and instead throwing our own exception).
  • [#221] apache/groovy@8d19017 (comment) caused an exception to be thrown for Groovy 4.0.0-RC-1 and newer when binding properties in a script/console/shell and bindPropertiesToSeparateVariables is false. The error logging when this happens has been improved.
  • [#223] Support 5, 6, 7, 8, and 1.9 arguments to targetBytecode so that validation doesn't unexpectedly fail since it uses the maven.compiler.target property and these arguments are valid for javac.
Potentially breaking changes

This release requires Java 8 and drops support for Java 7. This was necessary to update dependencies which fix vulnerabilities. Specifically, in maven-archiver. At the time of release, the following dependencies were not compatible with Java 7

  • org.apache.commons:commons-compress
  • org.codehaus.plexus:plexus-archiver
  • org.apache.maven:maven-archiver
  • org.codehaus.plexus:plexus-io
  • org.codehaus.plexus:plexus-utils

This is not the first breaking release, but it is the first breaking release to follow the semver conventions.

Notes

None.

v1.13.1

Compare Source

Bugs
  • [#203] Using bindAllProjectProperties and bindSessionUserOverrideProperties together can cause an NPE (thanks for reporting this @sebthom!).
Enhancements

None

Potentially breaking changes

None.

Notes

None.

v1.13.0

Compare Source

Bugs

None.

Enhancements
Potentially breaking changes

None.

Notes

None.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
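
A pre-merge check for the two 5.0.0 breaking changes in the release notes above (the removed fork parameter, and Ant, Ivy, JLine and Jansi no longer being bundled), as an added example that is not part of the Renovate comment or of GMavenPlus. The names `audit_pom`, `NO_LONGER_BUNDLED` and `SAMPLE_POM` are hypothetical, and the sample POM is constructed.

```python
import xml.etree.ElementTree as ET

# Libraries the 5.0.0 notes say the plugin no longer ships, and what needs them.
NO_LONGER_BUNDLED = {
    "org.apache.ant:ant": "AntBuilder",
    "org.apache.ivy:ivy": "@Grab",
    "jline:jline": "Groovysh with Groovy 2.x/3.x/4.x",
    "org.fusesource.jansi:jansi": "terminal colors with JLine 2",
}


def audit_pom(pom_xml):
    """Report use of the removed fork parameter and which formerly bundled
    libraries the gmavenplus-plugin declarations pin explicitly."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():  # drop the POM namespace so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    report = {"plugin_found": False, "uses_fork": False,
              "declared": {}, "not_declared": {}}
    for plugin in root.iter("plugin"):
        if (plugin.findtext("artifactId") or "").strip() != "gmavenplus-plugin":
            continue
        report["plugin_found"] = True
        # fork may sit in a plugin-level or an execution-level <configuration>
        if any(cfg.find("fork") is not None for cfg in plugin.iter("configuration")):
            report["uses_fork"] = True
        for dep in plugin.findall("dependencies/dependency"):
            key = "%s:%s" % ((dep.findtext("groupId") or "").strip(),
                             (dep.findtext("artifactId") or "").strip())
            if key in NO_LONGER_BUNDLED:
                report["declared"][key] = (dep.findtext("version") or "").strip()
    if report["plugin_found"]:
        # Informational: only a problem if the build's scripts use the feature.
        report["not_declared"] = {k: v for k, v in NO_LONGER_BUNDLED.items()
                                  if k not in report["declared"]}
    return report


# Constructed sample POM (not taken from the repository in this PR).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><plugins><plugin>
    <groupId>org.codehaus.gmavenplus</groupId>
    <artifactId>gmavenplus-plugin</artifactId>
    <version>5.0.0</version>
    <configuration><fork>true</fork></configuration>
    <dependencies><dependency>
      <groupId>org.apache.ant</groupId><artifactId>ant</artifactId>
      <version>1.10.15</version>
    </dependency></dependencies>
  </plugin></plugins></build>
</project>"""
```

Entries under `not_declared` matter only when the build's Groovy scripts use the listed feature; entries under `declared` show the exact versions the build now pins itself instead of inheriting from the plugin.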
