From ad02b2a099617e98e9554315a5da961b739740e1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 May 2026 10:41:59 -0700
Subject: [PATCH] Bump com.diffplug.spotless:spotless-plugin-gradle from 8.4.0
 to 8.5.1 (#1628)

Bumps
[com.diffplug.spotless:spotless-plugin-gradle](https://github.com/diffplug/spotless)
from 8.4.0 to 8.5.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/diffplug/spotless/releases">com.diffplug.spotless:spotless-plugin-gradle's
releases</a>.</em></p>
<blockquote>
<h2>Gradle Plugin v8.5.1</h2>
<h3>Fixed</h3>
<ul>
<li><code>licenseHeader</code> with
<code>setLicenseHeaderYearsFromGitHistory()</code> no longer runs
<code>git log</code> through a shell, eliminating a shell-injection
vector when formatting files whose names contain shell
metacharacters.</li>
</ul>
<h2>Gradle Plugin v8.5.0</h2>
<h3>Added</h3>
<ul>
<li><code>scalafmt()</code> now reads the version from the
<code>version</code> field in the scalafmt config file when no version
is explicitly set in the plugin config, falling back to the built-in
default only if neither is available. (<a
href="https://redirect.github.com/diffplug/spotless/pull/2922">#2922</a>)</li>
<li>Add <code>toml</code> format type with <code>versionCatalog()</code>
step for formatting and sorting Gradle version catalog files. (<a
href="https://redirect.github.com/diffplug/spotless/issues/2916">#2916</a>)</li>
<li>Add <code>withIndentStyle</code> and <code>withIndentSize</code>
configuration to <code>tableTestFormatter</code> for setting the
fallback indent when no <code>.editorconfig</code> is found. (<a
href="https://redirect.github.com/diffplug/spotless/pull/2893">#2893</a>)</li>
<li>Add <code>javaparserVersion(...)</code> to <code>cleanthat</code>,
allowing users to override the JavaParser version pulled in transitively
by Cleanthat. (<a
href="https://redirect.github.com/diffplug/spotless/pull/2903">#2903</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix <code>tableTestFormatter</code> editorconfig cache not honoring
<code>.editorconfig</code> changes across Gradle daemon runs due to a
shared static <code>EditorConfigProvider</code>. (<a
href="https://redirect.github.com/diffplug/spotless/pull/2893">#2893</a>)</li>
<li>Preserve case of JDBI named bind params that collide with SQL
keywords (e.g. <code>:limit</code>, <code>:offset</code>) in the DBeaver
SQL formatter. (<a
href="https://redirect.github.com/diffplug/spotless/pull/2899">#2899</a>)</li>
<li>Fix non-idempotent formatting when <code>importOrder()</code> is
combined with <code>greclipse()</code>: a single catch-all group no
longer strips blank lines that <code>greclipse()</code> independently
inserted between import groups. (<a
href="https://redirect.github.com/diffplug/spotless/pull/2914">#2914</a>)</li>
<li>Fix <code>predeclareDepsFromBuildscript()</code> on Gradle 9 by
avoiding mutation of the root buildscript configuration container. (<a
href="https://redirect.github.com/diffplug/spotless/pull/2929">#2929</a>,
fixes <a
href="https://redirect.github.com/diffplug/spotless/issues/2599">#2599</a>)</li>
</ul>
<h3>Changes</h3>
<ul>
<li>Fix <code>expandWildcardImports</code> failing on JDK XML types such
as <code>org.xml.sax.InputSource</code>. (<a
href="https://redirect.github.com/diffplug/spotless/pull/2921">#2921</a>)</li>
<li>Use Eclipse JDT's collator-based comparison when sorting Java
members to better match Eclipse save actions. (<a
href="https://redirect.github.com/diffplug/spotless/pull/2920">#2920</a>)</li>
<li>Bump default <code>cleanthat</code> version <code>2.24</code> -&gt;
<code>2.25</code>. (<a
href="https://redirect.github.com/diffplug/spotless/pull/2903">#2903</a>)</li>
<li>Bump default <code>eclipse-jdt</code> version from <code>4.35</code>
to <code>4.39</code>. (<a
href="https://redirect.github.com/diffplug/spotless/pull/2912">#2912</a>)</li>
<li>Make <code>spotlessPredeclare</code> visible to Gradle Kotlin DSL
type-safe accessors. (<a
href="https://redirect.github.com/diffplug/spotless/pull/2925">#2925</a>)</li>
<li>Allow <code>spotlessPredeclare</code> to be used directly without
enabling it first in spotless extension. (<a
href="https://redirect.github.com/diffplug/spotless/pull/2925">#2925</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/diffplug/spotless/commit/c1595c815d5fdd344505792aa4df588f467f0ca9"><code>c1595c8</code></a>
Published gradle/8.5.1</li>
<li><a
href="https://github.com/diffplug/spotless/commit/b26b570f7eba32554061b036206f675180cd2384"><code>b26b570</code></a>
Published lib/4.6.1</li>
<li><a
href="https://github.com/diffplug/spotless/commit/ac3f6f14a2e007c2d36223335df96a2c9ba92719"><code>ac3f6f1</code></a>
Bump plexus-utils to 4.0.3 to address CVE-2025-67030 (<a
href="https://redirect.github.com/diffplug/spotless/issues/2932">#2932</a>)</li>
<li><a
href="https://github.com/diffplug/spotless/commit/f5039f633d436a8831d09a934a3490d68968d684"><code>f5039f6</code></a>
Bump plexus-utils to 4.0.3 to address CVE-2025-67030</li>
<li><a
href="https://github.com/diffplug/spotless/commit/0e77837d4789cb43b83c21d566fe4185adc4ae2b"><code>0e77837</code></a>
Fix shell-injection in LicenseHeaderStep SET_FROM_GIT mode (<a
href="https://redirect.github.com/diffplug/spotless/issues/2931">#2931</a>)</li>
<li><a
href="https://github.com/diffplug/spotless/commit/84f642329de804615ff16f34d12a2249f1890850"><code>84f6423</code></a>
Fix shell-injection in LicenseHeaderStep SET_FROM_GIT mode</li>
<li><a
href="https://github.com/diffplug/spotless/commit/b87eb75efe54e94a7248ff5e2d07231bcc3a1b55"><code>b87eb75</code></a>
Published maven/3.5.0</li>
<li><a
href="https://github.com/diffplug/spotless/commit/97c3baf34b79d0028a343776bb2c2fb223930355"><code>97c3baf</code></a>
Published gradle/8.5.0</li>
<li><a
href="https://github.com/diffplug/spotless/commit/3dd1a9690270e7191f2c7db8314a9079b127ee76"><code>3dd1a96</code></a>
Published lib/4.6.0</li>
<li><a
href="https://github.com/diffplug/spotless/commit/05d89540ea573eae5c937ca1e9b015b78df83d9f"><code>05d8954</code></a>
Feature maven expand wildcard import (<a
href="https://redirect.github.com/diffplug/spotless/issues/2930">#2930</a>
fixes <a
href="https://redirect.github.com/diffplug/spotless/issues/2829">#2829</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/diffplug/spotless/compare/gradle/8.4.0...gradle/8.5.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.diffplug.spotless:spotless-plugin-gradle&package-manager=gradle&previous-version=8.4.0&new-version=8.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 gradle/libs.versions.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 9cbe6229..f7f364af 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -61,7 +61,7 @@ paguro = "3.10.3"
 shadowPlugin = "9.4.1"
 slf4j = "2.0.18"
 snakeYaml = "3.0.1"
-spotlessPlugin = "8.4.0"
+spotlessPlugin = "8.5.1"
 wiremock = "3.13.2"
 
 [libraries] # ordered alphabetically