Bump org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0 #75

Merged
barrycaceres merged 1 commit into main from dependabot/maven/org.apache.maven.plugins-maven-source-plugin-3.4.0
Dec 5, 2025

Conversation

@dependabot dependabot bot commented on behalf of github Dec 1, 2025

Bumps org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0.

Release notes

Sourced from org.apache.maven.plugins:maven-source-plugin's releases.

3.4.0

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

Commits
  • ecf937a [maven-release-plugin] prepare release maven-source-plugin-3.4.0
  • 95b3bf4 Revert "[maven-release-plugin] prepare for next development iteration"
  • 7a9a770 [maven-release-plugin] prepare for next development iteration
  • 292c1ce Use plexus-utils version from parent
  • bf79b71 Bump m-invoker-p to 3.9.1
  • 4f3fcb9 Bump commons-io:commons-io from 2.20.0 to 2.21.0
  • a867442 Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
  • 51c66ac Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5
  • 267df46 Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3
  • ef85324 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Resolves #24
Resolves #251
Resolves #58
Resolves #57
Resolves #49
Resolves #252
Resolves #247
Resolves #248
Resolves #241
Resolves #242
Resolves #246
Resolves #221
Resolves #233
Resolves #229
Resolves #218
Resolves #226
Resolves #222
Resolves #68
Resolves #63
Resolves #66
Resolves #27
Resolves #23
Resolves #25
Resolves #26

@dependabot dependabot bot added dependencies Pull requests that update a dependency file java labels Dec 1, 2025
@dependabot dependabot bot requested a review from a team as a code owner December 1, 2025 12:27

github-actions bot commented Dec 1, 2025

🤖 Claude Code Review

I'll proceed with the code review of this pull request immediately.

PR Code Review

Summary

This PR updates the maven-source-plugin version from 3.3.1 to 3.4.0 in the project's pom.xml. This is a minor version bump of a Maven build plugin.


Detailed Review Against Checklist

Code Quality

Code follows style guide - pom.xml:509

  • This is a simple dependency version update in XML format
  • Follows standard Maven POM conventions
  • No style issues identified

No commented-out code - pom.xml:506-512

  • No commented code in the diff

Meaningful variable names - N/A

  • This is a configuration change, not code with variables

DRY principle followed - N/A

  • Not applicable to a version number update

Defects & Logic errors

  • No bugs, logic errors, or security vulnerabilities introduced
  • This is a dependency version update only
  • The maven-source-plugin is a well-maintained Apache Maven plugin used for creating source JARs

⚠️ Project memory configuration - CLAUDE.md

  • The project's CLAUDE.md states: "DO NOT make direct code changes"
  • However, this appears to be an automated dependency update (likely from Dependabot based on the commit history pattern)
  • No concerns with the CLAUDE.md configuration itself

Testing

⚠️ Testing coverage

  • No new tests are needed for a plugin version update
  • However, should verify that:
    • The build still completes successfully
    • Source JARs are still generated correctly
    • No breaking changes in maven-source-plugin 3.4.0

Recommendation: Ensure CI/CD pipeline passes, particularly the build and packaging steps.


Documentation

Documentation updates

  • No documentation updates needed for a plugin version bump
  • This is an internal build dependency, not user-facing

⚠️ CHANGELOG.md

  • Not updated in this PR
  • For dependency updates, this is typically acceptable unless it's a major version change or affects functionality
  • Consider whether dependency bumps are tracked in your changelog

Security

No hardcoded credentials - pom.xml:506-512

  • No credentials present

Input validation - N/A

  • Not applicable to this change

Proper error handling - N/A

  • Not applicable to this change

No sensitive data in logs - N/A

  • Not applicable to this change

No license files or sensitive strings

  • No .lic files or AQAAAD strings in the diff

Overall Assessment

APPROVED WITH RECOMMENDATIONS

This is a clean, low-risk dependency update. The change:

  • Updates a build plugin to a newer minor version
  • Introduces no code changes
  • Poses minimal security risk
  • Follows Maven conventions

Recommendations:

  1. Verify build success: Ensure CI/CD passes completely, especially:

    • mvn clean install
    • mvn package (to verify both JAR artifacts are created correctly)
  2. Check maven-source-plugin release notes: Review the 3.4.0 release notes to understand what changed between 3.3.1 and 3.4.0

  3. CHANGELOG consideration: Decide if your project tracks dependency updates in CHANGELOG.md. If so, add a brief entry.

Risk Level: LOW

This is a standard dependency maintenance update with minimal impact on functionality.

Automated code review analyzing defects and coding standards

@dependabot dependabot bot force-pushed the dependabot/maven/org.apache.maven.plugins-maven-source-plugin-3.4.0 branch from ee2f580 to cbeda85 Compare December 1, 2025 12:37

github-actions bot commented Dec 1, 2025

🤖 Claude Code Review

Code Review: Bump maven-source-plugin from 3.3.1 to 3.4.0

Review Analysis

Code Quality ✅

  • Code follows style guide: This is a dependency version update only, no code changes
  • No commented-out code: N/A for dependency update
  • Meaningful variable names: N/A for dependency update
  • DRY principle followed: N/A for dependency update
  • Identify Defects: No defects identified. This is a straightforward Maven plugin version bump with no logic changes

Testing ✅

  • Unit tests for new functions: N/A - no functional changes
  • Integration tests for new endpoints: N/A - no functional changes
  • Edge cases covered: N/A - no functional changes
  • Test coverage > 80%: This change does not affect test coverage; it only updates the plugin that packages source JARs

Note: The maven-source-plugin is used during the build process to create source JAR artifacts. It does not affect runtime behavior or require new tests.

Documentation ✅

  • Readme updated if needed: Not required for internal build plugin updates
  • API docs updated: Not required - no API changes
  • Inline comments for complex logic: N/A for dependency update
  • CHANGELOG.md updated: Typically, dependency bumps are documented in CHANGELOG but this appears to be an automated Dependabot update which may handle this separately

Security ✅

  • No hardcoded credentials: None present
  • Input validation implemented: N/A for dependency update
  • Proper error handling: N/A for dependency update
  • No sensitive data in logs: N/A for dependency update
  • No license files (.lic) or AQAAAD strings: None present in this diff

Project-Specific Considerations ✅

According to CLAUDE.md:

  • No direct code changes made: Correct - this is only a POM version update
  • Build compatibility: The maven-source-plugin update should not affect build behavior; it's a patch version update
  • No impact on client/server architecture: This plugin only affects artifact packaging

Summary

APPROVED ✅

This is a clean dependency version update from maven-source-plugin 3.3.1 to 3.4.0 (pom.xml:509).

Key Points:

  • Low-risk change affecting only build-time artifact generation
  • No functional code changes
  • No security concerns
  • Plugin is used for creating source JARs during mvn package
  • Consistent with project's automated dependency management (appears to be Dependabot-generated)

Recommendation: Safe to merge. This is a routine maintenance update that keeps build tooling current without affecting functionality.

Automated code review analyzing defects and coding standards

@dependabot dependabot bot force-pushed the dependabot/maven/org.apache.maven.plugins-maven-source-plugin-3.4.0 branch from cbeda85 to ef043fa Compare December 4, 2025 16:39

github-actions bot commented Dec 4, 2025

🤖 Claude Code Review

Code Review Analysis

Analyzing the pull request diff for bumping maven-source-plugin from 3.3.1 to 3.4.0.

Review Results

Code Quality ✅

  • Style guide compliance: This is a dependency version update in pom.xml:509 - no code style considerations apply
  • No commented-out code: N/A for dependency updates
  • Meaningful variable names: N/A for dependency updates
  • DRY principle: N/A for dependency updates
  • Defects: No bugs, logic errors, or security vulnerabilities introduced. This is a minor version bump of a build plugin
  • Project configuration: Change aligns with standard Maven dependency management practices

Testing ⚠️

  • ⚠️ Unit tests: N/A - build plugin update doesn't require new tests
  • ⚠️ Integration tests: N/A - build plugin update doesn't affect runtime behavior
  • ⚠️ Edge cases: N/A
  • ⚠️ Test coverage: No impact on test coverage - this plugin only affects source JAR generation during build

Note: The maven-source-plugin is a build-time plugin that packages source files. It doesn't affect runtime behavior, so functional testing isn't applicable. However, it would be good practice to verify the build completes successfully with the new version.

Documentation ✅

  • README: No update needed - internal dependency change
  • API docs: No update needed - no API changes
  • Inline comments: N/A
  • CHANGELOG.md: May want to document this under a "Dependencies" or "Build" section if tracking build tool versions
  • Markdown formatting: N/A

Security ✅

  • No hardcoded credentials: None present
  • Input validation: N/A for build plugin
  • Error handling: N/A for build plugin
  • Sensitive data in logs: N/A
  • No license files or AQAAAD strings: Clean

Summary

Overall Assessment: ✅ APPROVED

This is a straightforward, low-risk dependency update. The maven-source-plugin 3.4.0 was released as a minor version update and should be backward compatible with 3.3.1.

Recommendations:

  1. Build verification: Ensure mvn clean install completes successfully with the new version
  2. Optional CHANGELOG entry: Consider adding an entry if you track build tool versions
  3. Release notes: Check the maven-source-plugin release notes for any behavioral changes between 3.3.1 and 3.4.0

Risk Level: LOW

  • No code logic changes
  • No runtime behavior changes
  • Standard Maven plugin version bump
  • Automated dependency update (likely from Dependabot/Renovate)

Automated code review analyzing defects and coding standards

@dependabot dependabot bot force-pushed the dependabot/maven/org.apache.maven.plugins-maven-source-plugin-3.4.0 branch from ef043fa to 285b2ca Compare December 4, 2025 17:00

github-actions bot commented Dec 4, 2025

🤖 Claude Code Review

Code Review Analysis

Summary

This PR contains a single dependency version bump for maven-source-plugin from 3.3.1 to 3.4.0.

Detailed Checklist Review

Code Quality

Code follows style guide - No code changes, only dependency version update

No commented-out code - No code changes

Meaningful variable names - N/A, no code changes

DRY principle followed - N/A, no code changes

Identify Defects - No defects introduced. This is a straightforward plugin version bump.

Project memory configuration - No violations of ./.claude/CLAUDE.md policies. This is a dependency update, not a direct code change that would violate the "DO NOT make direct code changes" policy.

Testing

⚠️ Unit tests for new functions - N/A for dependency updates, but should verify build still works

⚠️ Integration tests for new endpoints - N/A

⚠️ Edge cases covered - N/A

⚠️ Test coverage > 80% - No test coverage changes expected

Recommendation: Ensure CI/CD pipeline runs successfully to verify the plugin version update doesn't break source JAR generation.

Documentation

Readme updated if needed - Not required for minor plugin version bump

CHANGELOG.md updated - pom.xml:506 - No CHANGELOG entry found for this dependency update. Per checklist requirements, CHANGELOG.md should be updated.

API docs updated - Not required for plugin version change

Inline comments for complex logic - N/A

Markdown files follow CommonMark - N/A, no markdown changes

Security

No hardcoded credentials - None introduced

Input validation implemented - N/A

Proper error handling - N/A

No sensitive data in logs - N/A

No license files (.lic) checked in - None found in diff


Overall Assessment

Status: ✅ APPROVE with minor recommendation

This is a clean dependency version bump that follows Dependabot best practices. The only item requiring attention:

Action Required:

  • Update CHANGELOG.md to document the maven-source-plugin version bump (from 3.3.1 to 3.4.0)

Verification Recommended:

  • Confirm CI/CD pipeline passes to ensure source JAR generation still works correctly with the new plugin version

The change itself is safe and follows standard dependency maintenance practices.

Automated code review analyzing defects and coding standards

Bumps [org.apache.maven.plugins:maven-source-plugin](https://github.com/apache/maven-source-plugin) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/apache/maven-source-plugin/releases)
- [Commits](apache/maven-source-plugin@maven-source-plugin-3.3.1...maven-source-plugin-3.4.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-source-plugin
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/maven/org.apache.maven.plugins-maven-source-plugin-3.4.0 branch from 285b2ca to 666d465 Compare December 5, 2025 20:45

github-actions bot commented Dec 5, 2025

🤖 Claude Code Review

I'll review this pull request against the provided checklist.

Code Review Analysis

Code Quality

Code follows style guide - N/A for dependency version bump

No commented-out code - No code changes, only version update

Meaningful variable names - N/A for dependency version bump

DRY principle followed - N/A for dependency version bump

Identify Defects - No bugs or security vulnerabilities introduced. This is a minor version update of the Maven Source Plugin (3.3.1 → 3.4.0), which is a build-time dependency that packages source code. The change is isolated to pom.xml:509.

Project memory compliance - The change aligns with project guidelines. Per CLAUDE.md, this is a configuration file change that should be analyzed rather than directly modified, and this review fulfills that requirement.

Testing

Unit tests for new functions - N/A, no functional code changes

Integration tests for new endpoints - N/A, no functional code changes

Edge cases covered - N/A, this is a build plugin version bump

Test coverage > 80% - No impact on test coverage; existing tests remain valid

Documentation

Readme updated if needed - Not required for internal build plugin updates

API docs updated - Not required; no API changes

Inline comments for complex logic - N/A for dependency version bump

⚠️ CHANGELOG.md updated - CHANGELOG may need updating if the project tracks dependency updates. Typically minor build plugin updates are not user-facing changes, but check project conventions.

Markdown formatting - No markdown files modified

Security

No hardcoded credentials - None present

Input validation implemented - N/A for dependency version bump

Proper error handling - N/A for dependency version bump

No sensitive data in logs - N/A for dependency version bump

No license files or sensitive strings - None detected


Summary

Overall Assessment: ✅ APPROVED

This is a clean, low-risk dependency update:

  • What changed: Maven Source Plugin version bump from 3.3.1 to 3.4.0 in pom.xml:509
  • Risk level: Very low - build-time only dependency
  • Impact: No functional code changes, API compatibility maintained
  • Recommendation: Approve and merge

Minor consideration: Verify if your project's CHANGELOG.md convention requires logging build plugin updates. Most projects don't track these for minor versions, but check your team's standards.

The maven-source-plugin generates the source JAR artifact during builds. Version 3.4.0 likely includes bug fixes or minor improvements but doesn't affect runtime behavior.

Automated code review analyzing defects and coding standards

@barrycaceres barrycaceres enabled auto-merge (squash) December 5, 2025 20:50
@barrycaceres barrycaceres merged commit 809a96d into main Dec 5, 2025
38 of 39 checks passed
@barrycaceres barrycaceres deleted the dependabot/maven/org.apache.maven.plugins-maven-source-plugin-3.4.0 branch December 5, 2025 21:00
Development

Successfully merging this pull request may close these issues.

Rename methods Rename SzConfigManager.getConfigs to SzConfigManager.getConfigRegistry