Skip to content

chore(deps): update dependency org.apache.maven.plugins:maven-gpg-plugin to v3.2.8#100

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/org.apache.maven.plugins-maven-gpg-plugin-3.x
Open

chore(deps): update dependency org.apache.maven.plugins:maven-gpg-plugin to v3.2.8#100
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/org.apache.maven.plugins-maven-gpg-plugin-3.x

Conversation

@renovate

@renovate renovate Bot commented Apr 27, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
org.apache.maven.plugins:maven-gpg-plugin (source) 3.0.13.2.8 age confidence

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from filipowm April 27, 2026 10:10
@augmentcode

augmentcode Bot commented Apr 27, 2026

Copy link
Copy Markdown
🤖 Augment PR Summary

Summary: Updates the build’s artifact-signing tooling by bumping org.apache.maven.plugins:maven-gpg-plugin from 3.0.1 to 3.2.8.

Why: Keeps release/signing infrastructure current with upstream fixes and dependency updates.

🤖 Was this summary useful? React with 👍 or 👎

@augmentcode augmentcode Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review completed. 1 suggestion posted.

Fix All in Augment

Comment augment review to trigger a new review at any time.

Comment thread pom.xml
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>3.0.1</version>
<version>3.2.8</version>

@augmentcode augmentcode Bot Apr 27, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a major version jump (3.0.1 → 3.2.8); newer maven-gpg-plugin releases introduce additional “best practices” warnings/behavior that can break non-interactive signing depending on the CI GnuPG/pinentry setup. Consider validating that the release profile still signs successfully with the current --pinentry-mode loopback configuration in your release environment.

Severity: medium

Fix This in Augment

🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants