Skip to content

Bump org.mustangproject:library from 2.22.0 to 2.23.1#1247

Closed
dependabot[bot] wants to merge 1 commit into
trunkfrom
dependabot/gradle/org.mustangproject-library-2.23.1
Closed

Bump org.mustangproject:library from 2.22.0 to 2.23.1#1247
dependabot[bot] wants to merge 1 commit into
trunkfrom
dependabot/gradle/org.mustangproject-library-2.23.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Copy link
Copy Markdown
Contributor

Bumps org.mustangproject:library from 2.22.0 to 2.23.1.

Release notes

Sourced from org.mustangproject:library's releases.

2.23.0 "Bonne Journées de la Facture Électronique"

Highlights

Apart from their validation we now also support writing subinvoice lines (#1073, thanks kschwank).

Plus we merged some France-related pull requests, e.g. the conversion to french PDF (#1083), the configurable BT-23 business process ID for CII export (#1046) and of course validation which now also takes into account the first AFNOR XP12-012 schematron (#1089, thanks @​meparis).

Event

A propos France: we cordially invite potential contributors on the day following the JFE , May 7th 2026, 16:00-17:00 CET, to an free online event to coordinate contributions regading the coming e-invoice obligation in France as of September: Event details and application .

Changelog

On Mustang 2.23.0, the following fixes were applied

  • #993 Cash discount not parsed
  • #1029 Added a breaking change notice regarding the removal of hardcoded values in #729
  • #1044 Correct version of org.apache.pdfbox:fontbox from 3.0.3 to 3.0.6.
  • #1049 Prevent exceptions in validation
  • #1038 Header allowances are aggregated incorrectly for non-XRechnung profiles
  • #1052 Remove parsing OriginatorDocumentReference.ID as date
  • #1055 Correct order of ApplicableTradeTax sub-elements.
  • #1072 Correct XPath-expressions for GrandTotal and TaxBasisTotalAmount.
  • #1075 Vulnerability in dependency PDFBox version 3.0.6
  • #1076 XMP error during validation based on mustang version 2.22. (XMP Metadata: Could not parse XMP metadata (XML invalid))
  • #1084 Fix xml description
  • #1082 Centralize and secure DocumentBuilder creation.
  • reduce possible exceptions in metrics action

And altogether we are talking of the following new features

  • #1037 Compress attachments
  • #1046 Add configurable BT-23 business process ID for CII export
  • #1050 Add validator information to PDF report (name and version)
  • #1061 Add ability to mark an Invoice as a test invoice.
  • #1073 add hierarchical invoice positions in CII XML export for EXTENDED profile
  • #1083 PDF Visualizations in English and French
  • #1089 Add France schematron ruleset
  • added Extended-CTC-FR profile to selection for command line

FYI I will try to renew my expired GPG key in the next maven central release and @​langfr is now co-maintainer: thank you and congratulations.

We are still set for Java 11 in this release but for #1067 fixing #1025 (a convert-to-UBL-issue), we will open a Java17 branch (thanks phax!). We're just not yet sure how to call the new version, this minor correction sounds to small for a "Mustangproject 3.0" release.

Changelog

Sourced from org.mustangproject:library's changelog.

2.23.1

2026-05-13

  • #1108 Regression Issue caused by empty XMP (introduced by #1076)
  • #1120 ZUGFeRDImporter fails to extract Version if XML namespace is not exactly rsm:CrossIndustryInvoice (some of the following changes were already part of 2.23.0)
  • #1043 Fix percentage-based allowance/charge calculations
  • #1093 #814 upgrade CEN EN16931 Schematron from v1.3.12 to v1.3.15
  • #1102 Add BasisAmount to CashDiscount.
  • #1109 Feature fix xml description
  • #1110 Avoid NPE by checking zi.getXMP() is not null.
  • #1116 dont emit empty node for definedTradeContact
  • #1118 Support ram:UltimateShipToTradeParty/
  • #1119 Support ram:DeliveryTypeCode/

2.23.0 "Bonne Journées de la Facture Électronique"

2026-04-23

improved subitem support, support french validation

  • #993 Cash discount not parsed
  • #1029 Added a breaking change notice regarding the removal of hardcoded values in #729
  • #1037 Compress attachments
  • #1038 Header allowances are aggregated incorrectly for non-XRechnung profiles
  • #1044 Correct version of org.apache.pdfbox:fontbox from 3.0.3 to 3.0.6.
  • #1046 Add configurable BT-23 business process ID for CII export
  • #1049 Prevent exceptions in validation
  • #1050 Add validator information to PDF report (name and version)
  • #1052 Remove parsing OriginatorDocumentReference.ID as date
  • #1055 Correct order of ApplicableTradeTax sub-elements.
  • #1061 Add ability to mark an Invoice as a test invoice.
  • #1072 Correct XPath-expressions for GrandTotal and TaxBasisTotalAmount.
  • #1073 add hierarchical invoice positions in CII XML export for EXTENDED profile
  • #1075 Vulnerability in dependency PDFBox version 3.0.6
  • #1076 XMP error during validation based on mustang version 2.22. (XMP Metadata: Could not parse XMP metadata (XML invalid))
  • #1082 Centralize and secure DocumentBuilder creation.
  • #1083 PDF Visualizations in English and French
  • #1084 Fix xml description
  • #1089 Add France schematron ruleset
  • reduce possible exceptions in metrics action
  • added Extended-CTC-FR profile to selection for command line
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.mustangproject:library](https://github.com/ZUGFeRD/mustangproject) from 2.22.0 to 2.23.1.
- [Release notes](https://github.com/ZUGFeRD/mustangproject/releases)
- [Changelog](https://github.com/ZUGFeRD/mustangproject/blob/master/History.md)
- [Commits](https://github.com/ZUGFeRD/mustangproject/commits)

---
updated-dependencies:
- dependency-name: org.mustangproject:library
  dependency-version: 2.23.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels May 22, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #1376.

@dependabot dependabot Bot closed this Jun 23, 2026
@dependabot dependabot Bot deleted the dependabot/gradle/org.mustangproject-library-2.23.1 branch June 23, 2026 13:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants