Bump plexus-archiver from 3.6.0 to 4.4.0

[dependabot[bot]]

Bumps plexus-archiver from 3.6.0 to 4.4.0.

Release notes

Sourced from plexus-archiver's releases.

4.4.0

🚀 New features and improvements

• Drop legacy plexus API and use only JSR330 components (#220) @​cstamas

4.3.0

🚀 New features and improvements

• Require Java 8 (#206) @​plamentotev
• Refactor to use FileTime API (#199) @​jorsol
• Rename setTime method to setZipEntryTime (#209) @​jorsol
• Convert InputStreamSupplier to lambdas (#212) @​jorsol
• Update plexus-container-default to 2.1.1, commons-io 2.11.0 (#211) @​jorsol
• FIX: Reproducible Builds not working when using modular jar (#205) @​jorsol

📦 Dependency updates

• Bump plexus-parent from 8 to 10 (#219) @​dependabot
• Bump plexus-io from 3.2.0 to 3.3.1 (#214) @​dependabot
• Bump plexus-utils from 3.4.1 to 3.4.2 (#218) @​dependabot

Plexus Archiver 4.2.7

🚀 New features and improvements

• Respect order of META-INF/ and META-INF/MANIFEST.MF entries in a JAR file (#189) @​michael-o

Plexus Archiver 4.2.6

This release updates commons-compress to 1.21 which contains security fixed for CVE-2021-35517 CVE-2021-35516 CVE-2021-35515 CVE-2021-36090

This version requires Java 8 as minimum (commons-compress 1.21 requires Java 8).

🚀 New features and improvements

• FileInputStream, FileOutputStream, FileReader and FileWriter are no longer used (#183) @​jorsol
• Code cleanup (#172) @​olamy

📦 Dependency updates

• Bump plexus from 7 to 8 (#179) @​dependabot
• Bump plexus-utils from 3.3.0 to 3.4.1 (#181) @​dependabot
• Bump commons-compress from 1.20 to 1.21 (#177) @​dependabot

Plexus Archiver 4.2.5

🚀 New features and improvements

• Speed improvements (#157) @​gnodet

... (truncated)

Changelog

Sourced from plexus-archiver's changelog.

Plexus Archiver Release Notes

Plexus Archiver 4.2.1

Bugs

• [Issue #126][issue-126] - Fixed broken javadoc for Archiver#configureReproducible.
• [Issue #127][issue-127] - Fixed reproducible zip entry time depends on local daylight saving time.

Plexus Archiver 4.2.0

Improvements

• [Pull Request #121][pr-121] - Add API to configure reproducible archives - Archiver#configureReproducible.
• Add option to force the user and group for all archive entries.
• Add option to force the last modified date for all archive entries.
• [Issue #114][issue-114] - Add option to provide Comparator for Archiver. The archive entries will be added in the order specified by the provided comparator.
• [Pull Request #117][pr-117] - Add option to limit the output size for AbstractZipUnArchiver as a way of protection against ZIP bombs. Thanks to Sergey Patrikeev and Semyon Atamas.
• Various code improvements. Thanks to Semyon Atamas and Sergey Patrikeev.

Bugs

• [Issue #94][issue-94] - Fixed setting archiver destination to the working directory causes NullPointerException.

Tasks

• [Issue #119][issue-119] - Updated dependencies: commons-compress to 1.18, plexus-io to 3.2.0 and plexus-utils to 3.3.0.

Plexus Archiver 4.1.0

Improvements

• [Issue #110][issue-110] - Add option to omit "Created-By" manifest entry.

Plexus Archiver 4.0.0

... (truncated)

Commits

• ac624a7 [maven-release-plugin] prepare release plexus-archiver-4.4.0
• 4c51190 Bump to 4.4.0
• 48d3280 Drop legacy plexus API and use only JSR330 components (#220)
• 337214c [maven-release-plugin] prepare for next development iteration
• 88d132a [maven-release-plugin] prepare release plexus-archiver-4.3.0
• e135a2b Bump plexus from 8 to 10
• e8eecf2 switch build badge from Travis to GH
• d715d64 Bump release-drafter/release-drafter from 5.19.0 to 5.20.0
• 50c5fc0 Rename setTime method to setZipEntryTime
• ee2f99d Bump plexus-io from 3.2.0 to 3.3.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)