Bump the minor-patch group across 1 directory with 7 updates

[dependabot]

Bumps the minor-patch group with 7 updates in the / directory:

Package	From	To
com.sap.cloud.sdk:sdk-bom	5.30.0	5.31.0
org.sonatype.central:central-publishing-maven-plugin	0.10.0	0.11.0
com.github.spotbugs:spotbugs-maven-plugin	4.9.8.3	4.10.2.0
com.diffplug.spotless:spotless-maven-plugin	3.6.0	3.7.0
com.github.spotbugs:spotbugs-annotations	4.10.1	4.10.2
software.amazon.awssdk:s3	2.46.6	2.46.11
com.azure:azure-storage-blob	12.34.0	12.35.0

Updates com.sap.cloud.sdk:sdk-bom from 5.30.0 to 5.31.0

Release notes

Sourced from com.sap.cloud.sdk:sdk-bom's releases.

Release 5.31.0

5.31.0 - June 10, 2026

All Release Changes

✨ New Functionality

• OAuth token requests to IAS now attempt to dynamically resolve the IAS tenant host, if not given. When the current tenant does not contain a subdomain, and the IAS service binding contains the property btp-tenant-api, then an HTTP call to that URL is performed to obtain the IAS tenant host.

📈 Improvements

• (Generic OData Client) Allow for parameters in OData v4 expand sub-queries.

What's Changed

• chore: Update netty versions by @​Jonas-Isr in SAP/cloud-sdk-java#1171
• chore: [DevOps] bump the test group with 4 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1176
• chore: [DevOps] bump the production-minor-patch group with 10 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1175
• [IAS] Dynamically Resolve IAS Host On-Demand by @​MatKuhr in SAP/cloud-sdk-java#1177
• fix: [OData Generic] Enable query params on odatav4 expand by @​newtork in SAP/cloud-sdk-java#1181
• chore: Set permissions for GH workflows explicitly by @​Jonas-Isr in SAP/cloud-sdk-java#1182
• chore: [DevOps] bump the test group with 4 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1193
• chore: [DevOps] bump org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0 in the plugins group by @​dependabot[bot] in SAP/cloud-sdk-java#1192
• chore: [DevOps] bump slackapi/slack-github-action from 3.0.2 to 3.0.3 in the github-actions group by @​dependabot[bot] in SAP/cloud-sdk-java#1189
• fix: [OpenAPI] Api client method with oneOf primitive param stays simplified in OpenAPI generator 7.22.0 by @​CharlesDuboisSAP in SAP/cloud-sdk-java#1179
• chore: [DevOps] bump the production-minor-patch group across 1 directory with 13 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1194
• chore: [DevOps] bump org.json:json from 20251224 to 20260522 in the production-major group by @​dependabot[bot] in SAP/cloud-sdk-java#1191
• chore: [DevOps] Update Jackson to 2.22.0 by @​rpanackal in SAP/cloud-sdk-java#1195
• chore: [DevOps] bump net.bytebuddy:byte-buddy from 1.18.9 to 1.18.10 in the test group by @​dependabot[bot] in SAP/cloud-sdk-java#1200
• chore: [DevOps] bump org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15 in the plugins group by @​dependabot[bot] in SAP/cloud-sdk-java#1199
• chore: [DevOps] bump the production-minor-patch group with 2 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1198
• fix: [Connectivity] Change (almost) all JKS usage to PKCS12 by @​rpanackal in SAP/cloud-sdk-java#1185

Full Changelog: https://github.com/SAP/cloud-sdk-java/commits/rel/5.31.0

Commits

• e92c7cb Update to version 5.31.0
• 59ff59f fix: [Connectivity] Change (almost) all JKS usage to PKCS12 (#1185)
• 1f54450 chore: [DevOps] bump the production-minor-patch group with 2 updates (#1198)
• ce2edb0 chore: [DevOps] bump org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15 in ...
• a568465 chore: [DevOps] bump net.bytebuddy:byte-buddy from 1.18.9 to 1.18.10 in the t...
• 65c23fe chore: [DevOps] Update Jackson to 2.22.0 (#1195)
• 0691c51 chore: [DevOps] bump org.json:json from 20251224 to 20260522 in the productio...
• f5480c9 chore: [DevOps] bump the production-minor-patch group across 1 directory with...
• 11c7bcd fix: [OpenAPI] Api client method with oneOf primitive param stays simplified ...
• fd2cdb7 chore: [DevOps] bump slackapi/slack-github-action from 3.0.2 to 3.0.3 in the ...
• Additional commits viewable in compare view

Updates org.sonatype.central:central-publishing-maven-plugin from 0.10.0 to 0.11.0

Commits

• See full diff in compare view

Updates com.github.spotbugs:spotbugs-maven-plugin from 4.9.8.3 to 4.10.2.0

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.10.2.0

• Support spotbugs 4.10.2

What's Changed

• Update ci.yaml by @​hazendaz in spotbugs/spotbugs-maven-plugin#1429
• Update spotbugs.version to v4.10.2 by @​renovate[bot] in spotbugs/spotbugs-maven-plugin#1425

Full Changelog: spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.9.8.5...spotbugs-maven-plugin-4.10.2.0

Spotbugs Maven Plugin 4.9.8.5

What's Changed

• Update README.md by @​hazendaz in spotbugs/spotbugs-maven-plugin#1426
• [fix] Toolchain used wrong flag name 'executable' instead of 'jvm' by @​hazendaz in spotbugs/spotbugs-maven-plugin#1428

Full Changelog: spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.9.8.4...spotbugs-maven-plugin-4.9.8.5

Spotbugs Maven Plugin 4.9.8.4

• build support for maven 4 with maven 4 plugins
• spotbugs extensions jars now moved to target/spotbugs instead of root
• new spotbugs-aggregate mojo for multi module
• support maven toolchains
• block gui when environment is headless
• all spotbug extensions as regular dependencies
• learn to map spotbug extensions to their source project documentation
• in auxiliary class path exclude java.* packages
• improve code coverage

note: This release was done on older spotbugs (not the new 4.10.1) on purpose to keep these changes separate from that of spotbugs. The spotbugs 4.10.1 support release will be available in a day or two and users can otherwise override the core module as there are no changes to be done internally.

Commits

• 2d39b75 [maven-release-plugin] prepare release spotbugs-maven-plugin-4.10.2.0
• 6c300e6 [pom] Bump internal spotbugs to 4.9.8.5
• 250d685 Merge pull request #1425 from spotbugs/renovate/spotbugs.version
• 12f6fb3 Merge pull request #1429 from spotbugs/hazendaz-patch-1
• aaf0a09 Update ci.yaml
• 8b5dff4 Merge branch 'master' into renovate/spotbugs.version
• c83698d Update pom.xml
• b8788fd [maven-release-plugin] prepare for next development iteration
• f758cb5 [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.8.5
• cec6af5 Update pom.xml
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.6.0 to 3.7.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.7.0

Fixed

• Parse standard git year output in LicenseHeaderStep. (#2940)
• <toggleOffOn> no longer disables lint-only steps such as <forbidWildcardImports>. (#2962)
• Fix StringIndexOutOfBoundsException in scenarios where copyright year is surrounded by whitespace. (#2973)

Added

• Add support for AsciiDoc formatting via adocfmt. (#2960)
• <flexmark> step now supports arbitrary formatter options via <formatterOptions>. (#2968)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

spotless-lib and spotless-lib-extra releases

If you are a Spotless user (as opposed to developer), then you are probably looking for:

• https://github.com/diffplug/spotless/blob/main/plugin-gradle/CHANGES.md
• https://github.com/diffplug/spotless/blob/main/plugin-maven/CHANGES.md

This document is intended for Spotless developers.

We adhere to the keepachangelog format (starting after version 1.27.0).

[Unreleased]

[4.7.0] - 2026-06-16

Added

• Add support for AsciiDoc formatting via adocfmt. (#2960)
• flexmark step now supports arbitrary formatter options via a formatterOptions map. (#2968)

Fixed

• FenceStep.preserveWithin now forwards lints from nested steps while still suppressing lints inside preserved blocks. (#2962)
• Support ktfmt 0.63 and use its new builder API for formatting options to better avoid future breaking changes.
• Parse standard git year output in LicenseHeaderStep. (#2940)
• Fix StringIndexOutOfBoundsException in scenarios where copyright year is surrounded by whitespace. (#2973)

Changes

• Bump default greclipse version to latest 4.35 -> 4.39. (#2924)

[4.6.2] - 2026-05-27

Fixed

• P2Provisioner now passes cache directory overrides directly to Solstice. (#2944)
• forbidWildcardImports and forbidModuleImports now detect imports that have leading whitespace (indentation/tabs). (#2939)
• versionCatalog step no longer splits long inline tables across multiple lines — Gradle's TOML 1.0 parser cannot read multi-line inline tables. The maxLineLength option has been removed. (#2948)

Changes

• EclipseJdtFormtterStep now can conditionally set compiler source/compliance options. Allows for better parsing of AST Node for newer language features and more correct sorting; e.g. records or seal classes. (#2942)
• Formatter no longer recomputes line-ending normalization (LineEnding.toUnix) a second time for every formatter step that changes content, removing redundant O(n) work from the core formatting loop. (#2934)
• expandWildcardImports support pom type dependency. (#2839)

[4.6.1] - 2026-05-15

Fixed

• LicenseHeaderStep in SET_FROM_GIT year mode no longer invokes git log through bash -c / cmd /c, eliminating a shell-injection vector when processing repositories that contain files whose names include shell metacharacters.

[4.6.0] - 2026-05-14

Added

• scalafmt() now reads the version from the version field in the scalafmt config file when no version is explicitly set in the plugin config, falling back to the built-in default only if neither is available. (#2922)
• Add versionCatalog step for formatting and sorting Gradle version catalog (.toml) files. (#2916)
• Add javaparserVersion option to the Cleanthat step, allowing callers to override the JavaParser version pulled in transitively by Cleanthat. (#2903)

Fixed

• Preserve case of JDBI named bind params that collide with SQL keywords (e.g. :limit, :offset) in the DBeaver SQL formatter. (#2899)
• Fix non-idempotent formatting when importOrder() is combined with greclipse(): a single catch-all group no longer strips blank lines that greclipse() independently inserted between import groups. (#2914)

Changes

• Fix expandWildcardImports failing on JDK XML types such as org.xml.sax.InputSource. (#2921)

... (truncated)

Commits

• ef7703a Published maven/3.7.0
• 91113e0 Published gradle/8.7.0
• 611b48e Published lib/4.7.0
• 5f3a85f ci(deploy): use base64 -w0 so the auth header has no embedded newline
• f84f025 ci(deploy): force HTTP/1.1 on git fetch origin main
• 780f0f6 fix(spotless/gradle-plugin): Fix StringIndexOutOfBoundsException in scenari...
• b0328c8 Update plugin rewrite to v7.34.0 (#2972)
• 9a502ce Update plugin com.gradle.develocity to v4.4.2 (#2971)
• b4d9ec0 Revert the changes to assertUnchanged() and use assertTransform() when ne...
• 787819d Remove unneeded debug comments
• Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-annotations from 4.10.1 to 4.10.2

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

4.10.2

SpotBugs 4.10.2

CHANGELOG

Build

• Add release protection to ensure version released matches the tag and that snapshot has been removed. (#4156)
• Drop binary incompatible Saxon-HE back to 12.9 to keep java 11 compatibility. (#4159)
• Add binary check to the gradle build to ensure compatibility remains. (#4159)

CHECKSUM

file	checksum (sha256)
spotbugs-4.10.2-javadoc.jar	97bf36f386f75cecacbb7663700266d65176f8544c6f62bc7f21e0ecfb868444
spotbugs-4.10.2-sources.jar	76476f61ce6dc0eb0c38801e21da44e77043ba21226aef6c1b9d21df06d2395a
spotbugs-4.10.2.tgz	63d7687c35fba12cbc8e55ec2a889a2bbf1b9be299dea91f2b0d351dc285308a
spotbugs-4.10.2.zip	d5c9ad825cd015fc943802f5c96d89c515fd9a6f7fbbd9ddc7d0aa24b13664df
spotbugs-annotations-4.10.2-javadoc.jar	a948f311281429a3060e4870d5a60e8508372113ce678c7e1e04b58ba07a2ec2
spotbugs-annotations-4.10.2-sources.jar	87974d23caffbc8c6e66c567747627267b5ed06573cee966d7af6d236b8d65bd
spotbugs-annotations.jar	5335e5107c74cdd62ef96a7908066c51abb3de63b1ebf99dc953c2c7d0747678
spotbugs-ant-4.10.2-javadoc.jar	6e016db4c2929c0319c9f973ec1c76724d9ba17d26cd7b87136a8dbf0731cecb
spotbugs-ant-4.10.2-sources.jar	91477d93b1fd1bebae35d318427b5238fb458e726478dc1a8ac41ce74838a1e6
spotbugs-ant.jar	22f2fa397e86663adcd4828cc1c91e63aa6cc2bfc56832885b749a86fac5c784
spotbugs.jar	46f5c9524c08d027cf96cda2704e5d8ded633626b94a19dc9ced3ae67595d80b
test-harness-4.10.2-javadoc.jar	ec93ddaa099a27c8fdb0522d8c0b24a3d696e10aaf7d71a5d8426a643c00f1b2
test-harness-4.10.2-sources.jar	805d2d124b0d4ea513ee9262d4ad6027c3471d45defd80fd7d20e23425d17df7
test-harness-4.10.2.jar	bd10d1f11a1b93e4ca4db4d27772f611bd3407f9452dbbd2d1ba62584ddc171f
test-harness-core-4.10.2-javadoc.jar	a9782f2a1ecb26d561b4601c46f2dbcfbe4045d587c6ce545ae830cd61399118
test-harness-core-4.10.2-sources.jar	043a55d99a517c0d9cf702b0c183b4afd3f03af9eff4a86d59bb37df1b35b532
test-harness-core-4.10.2.jar	1f9a0ee8f150dd71f960ca4f59dcf7912a45d0e9e6aefc4585fd44b975454bc0
test-harness-jupiter-4.10.2-javadoc.jar	eb18358668b3f2099ddcfe21e817210d34ee969eb7fecc6f697c6eecca803846
test-harness-jupiter-4.10.2-sources.jar	17144f315686bfd01c02fa4ae7c916060c41de8eed58d5b8470416fa08f46ced
test-harness-jupiter-4.10.2.jar	a91146da3e993479cfefd2690781cbd102c6360ecc63a96d88995be3bd60fcbb

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.10.2 - 2026-06-09

Build

• Add release protection to ensure version released matches the tag and that snapshot has been removed. (#4156)
• Drop binary incompatible Saxon-HE back to 12.9 to keep java 11 compatibility. (#4159)
• Add binary check to the gradle build to ensure compatibility remains. (#4159)

Commits

• 9efccc9 release v4.10.2
• 205d91b Check binary compatibility (#4159)
• a177422 Update spring core to v7.0.8 (#4158)
• 2d6857f update sonatype link in RELEASE_PROCEDURE.md (#4157)
• 32d4fb9 chore(build): Add verification on tag release that version matches the tag (#...
• 6657922 prepare for next release
• See full diff in compare view

Updates software.amazon.awssdk:s3 from 2.46.6 to 2.46.11

Updates com.azure:azure-storage-blob from 12.34.0 to 12.35.0

Commits

• 4c656eb Storage - STG102 GA Release Changes (#49432)
• ff8a3bf eng, remove code generation for swagger/autorest (#49438)
• 3bc83be Update helper function to print nested exception details. (#49447)
• 4f8efdd Update the skills in tools repo to match specs repo (#49444)
• defcb11 Fix and update stress tests for Event Hubs and Service Bus (#49435)
• 9e5e441 Sync eng/common directory with azure-sdk-tools for PR 15969 (#49439)
• 7a6c9d9 Allow relative links for AGENTS.md (#49420)
• accb866 Increment package versions for core releases (#49431)
• d91de20 Default first mgmt-plane TypeSpec SDK release to 1.0.0-beta.1 (#49399)
• ac2c50c Generate SDK based on TypeSpec 0.45.2 (#49427)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions