Bump the maven group with 3 updates

[dependabot]

Bumps the maven group with 3 updates: org.codehaus.plexus:plexus-xml, org.slf4j:slf4j-simple and org.apache.maven.plugins:maven-scm-publish-plugin.

Updates org.codehaus.plexus:plexus-xml from 3.0.0 to 4.0.4

Release notes

Sourced from org.codehaus.plexus:plexus-xml's releases.

4.0.4

🐛 Bug Fixes

• Allow nulls for write elements in MXSerializer (#29) @​garydgregory
• Remove special chars from xml output (#28) @​slawekjaranowski

📦 Dependency updates

• Bump org.codehaus.plexus:plexus from 17 to 18 (#39) @​dependabot
• Bump org.codehaus.plexus:plexus from 16 to 17 (#35) @​dependabot
• Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 (#37) @​dependabot
• Bump release-drafter/release-drafter from 5 to 6 (#34) @​dependabot

4.0.3

What's Changed

• explain 3 vs 4 by @​hboutemy in codehaus-plexus/plexus-xml#24
• Update dependencies by @​cstamas in codehaus-plexus/plexus-xml#26
• Upgrade to Maven 4.0.0-alpha-9 by @​gnodet in codehaus-plexus/plexus-xml#27

New Contributors

• @​cstamas made their first contribution in codehaus-plexus/plexus-xml#26

Full Changelog: codehaus-plexus/plexus-xml@plexus-xml-4.0.2...plexus-xml-4.0.3

4.0.2

What's Changed

• Cleanup after parent pom upgrade by @​slachiewicz in codehaus-plexus/plexus-xml#22
• Upgrade to 4.0.0-alpha-7 and exclude dependency to sisu (fixes #17) by @​gnodet in codehaus-plexus/plexus-xml#23

New Contributors

• @​slachiewicz made their first contribution in codehaus-plexus/plexus-xml#22

Full Changelog: codehaus-plexus/plexus-xml@plexus-xml-4.0.1...plexus-xml-4.0.2

4.0.0

• Use spotless (#8) @​gnodet
• Fix site generation (#15) @​gnodet
• Switch build ci workflow to master branch (#14) @​gnodet
• Fix SCM urls (#13) @​gnodet
• MXParser tokenization fails when PI is before first tag (fixes #7) (#12) @​gnodet
• Deprecate Xpp3DomUtils (fixes #6) (#9) @​gnodet
• Use a ArrayDeque (#5) @​gnodet
• Upgrade plugins and clean build warnings (#4) @​gnodet
• Switch to junit 5 (#2) @​gnodet
• Fix parsing an UTF-8 file without BOM and ISO-8859-1 encoding (#1) @​gnodet

3.0.1

... (truncated)

Commits

• f25521b [maven-release-plugin] prepare release plexus-xml-4.0.4
• 43dbdca Allow nulls for write elements in MXSerializer
• 6bccd34 Bump org.codehaus.plexus:plexus from 17 to 18 (#39)
• d84cafe Bump org.codehaus.plexus:plexus from 16 to 17 (#35)
• e0a1841 Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 (#37)
• 4ee6e63 ---
• d56dbc9 Config release-drafter on master
• b97a574 Fix release-drafter config
• 14d3067 Fix release-drafter config
• 1977a0b Fix release-drafter config
• Additional commits viewable in compare view

Updates org.slf4j:slf4j-simple from 1.7.36 to 2.0.13

Updates org.apache.maven.plugins:maven-scm-publish-plugin from 3.2.1 to 3.3.0

Commits

• 53cb318 [maven-release-plugin] prepare release maven-scm-publish-plugin-3.3.0
• 12afe10 [MSCMPUB-69] ITs do not properly check for existence of svn/svnadmin/CreateSy...
• 1b4a3ed [MSCMPUB-68] Upgrade plugins and components (in ITs)
• f0d13f8 [MSCMPUB-67] Upgrade to Maven 3.6.3
• b7c8c15 Add more ignores
• 80796c5 Bump org.apache.maven.plugins:maven-plugins from 41 to 42 (#36)
• 5bcd155 [MSCMPUB-66] Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 4.0.0 (#26)
• 0baf493 Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.14.0
• 1eb0e43 Bump releasePluginVersion from 3.0.0 to 3.0.1
• 6aec610 [MSCMPUB-65] Bump commons-io:commons-io from 2.11.0 to 2.16.0 (#32)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[ctubbsii]

@hazendaz In 57b4ca2, you switched to commons-logging, instead of redirecting it to use slf4j. In the commit message you mentioned that commons-logging is "bad from the beyond", which I read as "bad enough that we should avoid using it", but instead, you used it. Can you help me understand why?

You also switched to using slf4j 1.7.36 instead of the newer slf4j2, which the jcl-over-slf4j dependency was using. Can you help me understand why we should stay on slf4j 1.7 instead of move to slf4j 2? Because I'm inclined to prefer slf4j2, in order to get the best support from upstream, and it's nearly entirely backwards compatible with slf4j 1.7 anyway. (Not to mention dependabot is going to keep complaining, like it's doing here)

[hazendaz]

Sorry meant back from beyond. Commons logging is going to replace jcl over slf4j and spring jcl at some point. Reason slf4j 1 is due to maven. It's using 1 but maybe that doesn't matter here. I'd prefer 2 as well. Sent from my Verizon, Samsung Galaxy smartphone Get Outlook for Android<https://aka.ms/AAb9ysg>

…

________________________________ From: Christopher Tubbs ***@***.***> Sent: Friday, June 28, 2024 5:19:32 PM To: revelc/formatter-maven-plugin ***@***.***> Cc: Jeremy Landis ***@***.***>; Mention ***@***.***> Subject: Re: [revelc/formatter-maven-plugin] Bump the maven group with 3 updates (PR #910) @hazendaz<https://github.com/hazendaz> In 57b4ca2<57b4ca2>, you switched to commons-logging, instead of redirecting it to use slf4j. In the commit message you mentioned that commons-logging is "bad from the beyond", which I read as "bad enough that we should avoid using it", but instead, you used it. Can you help me understand why? You also switched to using slf4j 1.7.36 instead of the newer slf4j2, which the jcl-over-slf4j dependency was using. Can you help me understand why we should stay on slf4j 1.7 instead of move to slf4j 2? Because I'm inclined to prefer slf4j2, in order to get the best support from upstream, and it's nearly entirely backwards compatible with slf4j 1.7 anyway. (Not to mention dependabot is going to keep complaining, like it's doing here) — Reply to this email directly, view it on GitHub<#910 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAHODI4VBYHBH5LHU5B4P3TZJXHOJAVCNFSM6AAAAABJZ3SKKSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCOJXGY3TKOJVGU>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.