chore(deps-dev): bump com.diffplug.spotless:spotless-maven-plugin from 2.46.1 to 3.7.0

[dependabot]

Bumps com.diffplug.spotless:spotless-maven-plugin from 2.46.1 to 3.7.0.

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.7.0

Fixed

• Parse standard git year output in LicenseHeaderStep. (#2940)
• <toggleOffOn> no longer disables lint-only steps such as <forbidWildcardImports>. (#2962)
• Fix StringIndexOutOfBoundsException in scenarios where copyright year is surrounded by whitespace. (#2973)

Added

• Add support for AsciiDoc formatting via adocfmt. (#2960)
• <flexmark> step now supports arbitrary formatter options via <formatterOptions>. (#2968)

Maven Plugin v3.6.0

Added

• Add <cacheDirectory> to <eclipse>, <greclipse>, and <eclipseCdt> for the Equo/Solstice P2 cache. (#2944)
• EclipseJdtFormtterStep now can conditionally set compiler source/compliance options. Allows for better parsing of AST Node for newer language features and more correct sorting; e.g. records or seal classes. (#2942)

Fixed

• <versionCatalog> no longer splits long inline tables across multiple lines — Gradle's TOML 1.0 parser cannot read multi-line inline tables. The maxLineLength option has been removed. (#2948)
• spotless:apply no longer aborts on the first file with lints; it now formats all files and reports a single aggregated lint failure across every file, matching the Gradle plugin's behavior. (#2937)
• <greclipse> and <eclipseCdt> now default P2 data to the Maven local repository. (#2944)
• forbidWildcardImports and forbidModuleImports now detect imports that have leading whitespace (indentation/tabs). (#2939)

Changes

• Improved formatting performance by eliminating redundant per-step line-ending normalization in the core formatter loop. (#2934)

Maven Plugin v3.5.1

Fixed

• <licenseHeader> with <yearMode>SET_FROM_GIT</yearMode> no longer runs git log through a shell, eliminating a shell-injection vector when formatting files whose names contain shell metacharacters.
• Bump transitive plexus-utils 4.0.2 -> 4.0.3 to address CVE-2025-67030. (#2919)

Maven Plugin v3.5.0

Added

• <scalafmt> now reads the version from the version field in the scalafmt config file when no <version> is explicitly set, falling back to the built-in default only if neither is available. (#2922)
• Add <toml> format type with <versionCatalog> step for formatting and sorting Gradle version catalog files. (#2916)
• Add <javaparserVersion> option to <cleanthat>, allowing users to override the JavaParser version pulled in transitively by Cleanthat. (#2903)
• Add a expandWildcardImports API for java (#2829)

Fixed

• Preserve case of JDBI named bind params that collide with SQL keywords (e.g. :limit, :offset) in the DBeaver SQL formatter. (#2899)
• The -Dspotless.ratchetFrom=... user property now takes priority over <ratchetFrom> configured in the plugin or in individual formatters, instead of being overridden by them. (#2896, fixes #2842)
• Fix non-idempotent formatting when importOrder() is combined with greclipse(): a single catch-all group no longer strips blank lines that greclipse() independently inserted between import groups. (#2914)

Changes

• Fix expandWildcardImports failing on JDK XML types such as org.xml.sax.InputSource. (#2921)
• Use Eclipse JDT's collator-based comparison when sorting Java members to better match Eclipse save actions. (#2920)
• Bump default cleanthat version 2.24 -> 2.25. (#2903)
• Bump default eclipse-jdt version from 4.35 to 4.39. (#2912)

Maven Plugin v3.4.0

Added

• Add tableTest format type for standalone .table files. (#2880)

Changes

• Bump default tabletest-formatter version 1.0.1 -> 1.1.1, now works with Java 17+. (#2880)

Lib v3.3.1

... (truncated)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

spotless-lib and spotless-lib-extra releases

If you are a Spotless user (as opposed to developer), then you are probably looking for:

• https://github.com/diffplug/spotless/blob/main/plugin-gradle/CHANGES.md
• https://github.com/diffplug/spotless/blob/main/plugin-maven/CHANGES.md

This document is intended for Spotless developers.

We adhere to the keepachangelog format (starting after version 1.27.0).

[Unreleased]

[4.7.0] - 2026-06-16

Added

• Add support for AsciiDoc formatting via adocfmt. (#2960)
• flexmark step now supports arbitrary formatter options via a formatterOptions map. (#2968)

Fixed

• FenceStep.preserveWithin now forwards lints from nested steps while still suppressing lints inside preserved blocks. (#2962)
• Support ktfmt 0.63 and use its new builder API for formatting options to better avoid future breaking changes.
• Parse standard git year output in LicenseHeaderStep. (#2940)
• Fix StringIndexOutOfBoundsException in scenarios where copyright year is surrounded by whitespace. (#2973)

Changes

• Bump default greclipse version to latest 4.35 -> 4.39. (#2924)

[4.6.2] - 2026-05-27

Fixed

• P2Provisioner now passes cache directory overrides directly to Solstice. (#2944)
• forbidWildcardImports and forbidModuleImports now detect imports that have leading whitespace (indentation/tabs). (#2939)
• versionCatalog step no longer splits long inline tables across multiple lines — Gradle's TOML 1.0 parser cannot read multi-line inline tables. The maxLineLength option has been removed. (#2948)

Changes

• EclipseJdtFormtterStep now can conditionally set compiler source/compliance options. Allows for better parsing of AST Node for newer language features and more correct sorting; e.g. records or seal classes. (#2942)
• Formatter no longer recomputes line-ending normalization (LineEnding.toUnix) a second time for every formatter step that changes content, removing redundant O(n) work from the core formatting loop. (#2934)
• expandWildcardImports support pom type dependency. (#2839)

[4.6.1] - 2026-05-15

Fixed

• LicenseHeaderStep in SET_FROM_GIT year mode no longer invokes git log through bash -c / cmd /c, eliminating a shell-injection vector when processing repositories that contain files whose names include shell metacharacters.

[4.6.0] - 2026-05-14

Added

• scalafmt() now reads the version from the version field in the scalafmt config file when no version is explicitly set in the plugin config, falling back to the built-in default only if neither is available. (#2922)
• Add versionCatalog step for formatting and sorting Gradle version catalog (.toml) files. (#2916)
• Add javaparserVersion option to the Cleanthat step, allowing callers to override the JavaParser version pulled in transitively by Cleanthat. (#2903)

Fixed

• Preserve case of JDBI named bind params that collide with SQL keywords (e.g. :limit, :offset) in the DBeaver SQL formatter. (#2899)
• Fix non-idempotent formatting when importOrder() is combined with greclipse(): a single catch-all group no longer strips blank lines that greclipse() independently inserted between import groups. (#2914)

Changes

• Fix expandWildcardImports failing on JDK XML types such as org.xml.sax.InputSource. (#2921)

... (truncated)

Commits

• ef7703a Published maven/3.7.0
• 91113e0 Published gradle/8.7.0
• 611b48e Published lib/4.7.0
• 5f3a85f ci(deploy): use base64 -w0 so the auth header has no embedded newline
• f84f025 ci(deploy): force HTTP/1.1 on git fetch origin main
• 780f0f6 fix(spotless/gradle-plugin): Fix StringIndexOutOfBoundsException in scenari...
• b0328c8 Update plugin rewrite to v7.34.0 (#2972)
• 9a502ce Update plugin com.gradle.develocity to v4.4.2 (#2971)
• b4d9ec0 Revert the changes to assertUnchanged() and use assertTransform() when ne...
• 787819d Remove unneeded debug comments
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud