chore(deps): bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.0.0 to 3.5.0 in /jans-core

[dependabot]

Bumps org.apache.maven.plugins:maven-checkstyle-plugin from 3.0.0 to 3.5.0.

Commits

• 868abc9 [maven-release-plugin] prepare release maven-checkstyle-plugin-3.5.0
• 9043f8a [MCHECKSTYLE-446] Dynamically calculate xrefLocation/xrefTestLocation
• 0e7bd00 [MCHECKSTYLE-445] Upgrade to Doxia 2.0.0 Milestone Stack
• b92666d Bump org.apache.maven.plugins:maven-plugins from 42 to 43
• 3699112 use new Reproducible Central badge endpoint
• d1076a3 Bump org.apache.commons:commons-lang3 from 3.15.0 to 3.16.0
• b5a4300 Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.15.0
• ccb9d9f Directory, not folder
• fbe29ae Remove outdated invoker conditions
• 67aeb01 Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.23 to 1.24
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

DryRun Security Summary

The provided code change updates the maven-checkstyle-plugin version in the jans-core/pom.xml file, which is not directly related to security vulnerabilities but can indirectly contribute to the overall security of the application by helping to ensure well-structured, readable, and maintainable code.

Expand for full summary

Summary:

The provided code change appears to be an update to the maven-checkstyle-plugin version in the jans-core/pom.xml file. Specifically, the version is being updated from 3.0.0 to 3.5.0. From an application security perspective, this change is not directly related to security vulnerabilities or risks, as the maven-checkstyle-plugin is a tool used for enforcing code style and quality standards. However, maintaining up-to-date dependencies, including build tools and plugins, is an important aspect of secure software development. Additionally, the maven-checkstyle-plugin can indirectly contribute to the overall security of the application by helping to ensure well-structured, readable, and maintainable code, which can make it easier to identify and address potential security issues during the development and review process.

Files Changed:

• jans-core/pom.xml: This file has been updated to use the latest version of the maven-checkstyle-plugin, from 3.0.0 to 3.5.0. This change is not directly related to application security concerns, but it is a good practice to review all code changes, including build-related updates, to ensure that they do not introduce any unintended security implications.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[dependabot]

Superseded by #9956.