build(deps): bump plugin from 4.16 to 4.33

Created by: dependabot[bot]

Bumps plugin from 4.16 to 4.33.

Release notes

Sourced from plugin's releases.

4.33

🚀 New features and improvements

• Bump Jenkins version to 2.249; clean up plugin parent POM (#480) @​basil

📦 Dependency updates

• Bump incrementals-maven-plugin from 1.2 to 1.3 (#483) @​dependabot
• Bump frontend-maven-plugin from 1.12.0 to 1.12.1 (#484) @​dependabot
• Bump incrementals-enforcer-rules from 1.2 to 1.3 (#485) @​dependabot
• Bump maven-site-plugin from 3.9.1 to 3.10.0 (#481) @​dependabot

👻 Maintenance

• Sort a few dependencies in the dependencyManagement section (#482) @​basil
• Adopt POM Code Convention (#479) @​basil

4.32

💥 Compatibility warning

The Enforcer update in #456 triggers new errors in many plugins involving provided scope. If a Dependabot update produces a build failure mentioning RequireUpperBoundDeps, first update the plugin BOM to 1090.v0a_33df40457a_ or later (which necessitates updating the minimum Jenkins version to 2.289.1 or later), then rebase the Dependabot update against the result with @dependabot rebase. If you cannot update the plugin BOM to 1090.v0a_33df40457a_ or later, then exclude the problematic dependency trail to satisfy Enforcer.

You will also need to switch annotations from javax.annotation.* to edu.umd.cs.findbugs.annotations.* equivalents as in jenkinsci/jenkins#4604.

🚨 Removed

• Remove JSR 305 annotations (#467) @​basil

🚀 New features and improvements

• Get annotation versions from core BOM (#470) @​basil
• Ban vulnerable versions of Apache Log4j 2 (#465) @​basil

🐛 Bug fixes

• Work around issues on 2.222.x, 2.235.x, and 2.289.x (#477) @​basil
• Exclude javax.servlet:servlet-api (#469) @​basil

📦 Dependency updates

• Bump Extra Enforcer rules from 1.3 to 1.5.1 (#471) @​Vlatombe
• Bump Jenkins test harness from 1645.vf98fc478f846 to 1674.v3b8b1441e939 (#476, #464) @​basil
• Bump Maven HPI plugin from 3.20 to 3.22 (#475, #460) @​dependabot
• Bump Mockito from 4.0.0 to 4.2.0 (#474, #459) @​dependabot
• Bump Access modifier from 1.25 to 1.27 (#473) @​basil
• Bump SpotBugs annotations from 4.4.2 to 4.5.1 (#466, #454) @​dependabot
• Bump Mock Repository Manager Maven plugin from 1.2.0 to 1.3.0 (#463) @​dependabot
• Bump GMavenPlus plugin from 1.13.0 to 1.13.1 (#461) @​dependabot
• Bump Maven Enforcer plugin from 3.0.0-M3 to 3.0.0 (#456) @​basil

... (truncated)

Commits

• 875cb59 [maven-release-plugin] prepare release plugin-4.33
• 6bf6ae8 Bump incrementals-maven-plugin from 1.2 to 1.3 (#483)
• 4c577ad Bump frontend-maven-plugin from 1.12.0 to 1.12.1 (#484)
• d1250ce Bump incrementals-enforcer-rules from 1.2 to 1.3 (#485)
• 112c708 Sort a few dependencies in the dependencyManagement section (#482)
• 05c9e09 Merge pull request #480 from basil/cleanup
• 8347830 Bump Jenkins version to 2.249; clean up plugin parent POM
• cd17304 Bump maven-site-plugin from 3.9.1 to 3.10.0 (#481)
• 0955f6e Adopt POM Code Convention (#479)
• ce864e3 [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)