Skip to content

fix(deps): update renovate dependency scan #213

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update renovate dependency scan #213

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented May 26, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change Age Confidence
actions/checkout action major v4 -> v5 age confidence
actions/setup-java action major v4 -> v5 age confidence
gradle (source) major 8.14 -> 9.2.0 age confidence
maven (source) patch 3.9.9 -> 3.9.11 age confidence
maven-wrapper (source) patch 3.3.2 -> 3.3.4 age confidence
org.apache.maven.plugins:maven-compiler-plugin (source) build patch 3.14.0 -> 3.14.1 age confidence
org.apache.maven.plugins:maven-surefire-plugin (source) build patch 3.5.3 -> 3.5.4 age confidence
org.testcontainers:rabbitmq (source) test patch 1.21.0 -> 1.21.3 age confidence
org.pitest:pitest-junit5-plugin (source) build patch 1.2.2 -> 1.2.3 age confidence
org.testcontainers:mysql (source) test patch 1.21.0 -> 1.21.3 age confidence
org.apache.logging.log4j:log4j-slf4j-impl (source) compile minor 2.24.3 -> 2.25.2 age confidence
org.testcontainers:junit-jupiter (source) test patch 1.21.0 -> 1.21.3 age confidence
org.apache.logging.log4j:log4j-core (source) compile minor 2.24.3 -> 2.25.2 age confidence
org.apache.logging.log4j:log4j-api (source) compile minor 2.24.3 -> 2.25.2 age confidence
org.testcontainers:testcontainers (source) test major 1.21.0 -> 2.0.1 age confidence
org.junit.jupiter:junit-jupiter-engine (source) compile major 5.12.2 -> 6.0.1 age confidence
org.jetbrains:annotations compile patch 26.0.2 -> 26.0.2-1 age confidence
org.projectlombok:lombok (source) compile patch 1.18.38 -> 1.18.42 age confidence
org.springframework:spring-context compile patch 6.2.7 -> 6.2.12 age confidence
org.springframework:spring-beans compile patch 6.2.7 -> 6.2.12 age confidence
com.mysql:mysql-connector-j (source) compile minor 9.3.0 -> 9.5.0 age confidence
io.projectreactor:reactor-bom (source) import major 2024.0.6 -> 2025.0.0 age confidence
org.yaml:snakeyaml compile minor 2.4 -> 2.5 age confidence
io.reactivex.rxjava3:rxjava compile patch 3.1.10 -> 3.1.12 age confidence
org.junit.platform:junit-platform-runner (source) test minor 1.12.2 -> 1.14.1 age confidence
org.pitest:pitest-maven (source) build minor 1.19.3 -> 1.21.1 age confidence
commons-io:commons-io (source) compile minor 2.19.0 -> 2.21.0 age confidence
commons-io:commons-io (source) test minor 2.19.0 -> 2.21.0 age confidence
org.immutables:value (source) provided minor 2.10.1 -> 2.11.6 age confidence
ch.qos.logback:logback-classic (source, changelog) compile patch 1.5.18 -> 1.5.20 age confidence
ch.qos.logback:logback-core (source, changelog) compile patch 1.5.18 -> 1.5.19 age confidence
com.opencsv:opencsv (source) compile minor 5.11 -> 5.12.0 age confidence
org.assertj:assertj-core (source) test patch 3.27.3 -> 3.27.6 age confidence
com.fasterxml.jackson.core:jackson-databind (source) compile minor 2.19.0 -> 2.20.1 age confidence
org.webjars:bootstrap (source) compile patch 5.3.5 -> 5.3.8 age confidence
com.oracle.database.jdbc:ojdbc10 (source) compile minor 19.27.0.0 -> 19.29.0.0 age confidence
org.junit.jupiter:junit-jupiter-api (source) test major 5.12.2 -> 6.0.1 age confidence
org.junit.jupiter:junit-jupiter-params (source) test major 5.12.2 -> 6.0.1 age confidence
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml compile minor 2.19.0 -> 2.20.1 age confidence
org.junit.jupiter:junit-jupiter-engine (source) test major 5.12.2 -> 6.0.1 age confidence
org.mockito:mockito-core test minor 5.17.0 -> 5.20.0 age confidence
org.mockito:mockito-core compile minor 5.17.0 -> 5.20.0 age confidence
org.openjfx:javafx-controls (source) compile major 25-ea+17 -> 26-ea+15 age confidence
org.springframework.boot:spring-boot-starter-parent (source) parent minor 3.4.5 -> 3.5.7 age confidence
org.quartz-scheduler:quartz (source) dependencies patch 2.5.0 -> 2.5.1 age confidence
org.junit.jupiter:junit-jupiter-api (source) dependencies major 5.12.2 -> 6.0.1 age confidence

GitHub Vulnerability Alerts

CVE-2025-11226

QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment variable before program execution.

A successful attack requires the Janino library and Spring Framework to be present on the user's class path. Additionally, the attacker must have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privileges.

Release Notes

actions/checkout (actions/checkout)

v5

Compare Source

actions/setup-java (actions/setup-java)

v5

Compare Source

gradle/gradle (gradle)

v9.2.0

Compare Source

v9.1.0: 9.1.0

Compare Source

The Gradle team is excited to announce Gradle 9.1.0.

Here are the highlights of this release:

  • Full Java 25 support
  • Native task graph visualization
  • Enhanced console output

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Eng Zer Jun,
EunHyunsu,
Gaëtan Muller,
HeeChul Yang,
Jendrik Johannes,
Johnny Lim,
Junho Lee,
Kirill Gavrilov,
Matthew Haughton,
Na Minhyeok,
Philip Wedemann,
Philipp Schneider,
Pradyumna C,
r-a-sattarov,
Ryszard Perkowski,
Sebastian Schuberth,
SebastianHeil,
Staffan Al-Kadhimi,
winfriedgerlach,
Xin Wang.

Upgrade instructions

Switch your build to use Gradle 9.1.0 by updating your wrapper:

./gradlew wrapper --gradle-version=9.1.0 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

v9.0.0: 9.0.0

Compare Source

The Gradle team is excited to announce Gradle 9.0.0.

Here are the highlights of this release:

  • Configuration Cache is the recommended execution mode
  • Gradle requires JVM 17 or higher to run
  • Build scripts use Kotlin 2.2 and Groovy 4.0
  • Improved Kotlin DSL script compilation avoidance

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Aaron Matthis,
Adam E,
Adam S,
Björn Kautler,
Daniel Lacasse,
Eng Zer Jun,
EunHyunsu,
FlorianMichael,
Francisco Prieto,
Gaëtan Muller,
Jake Wharton,
Kengo TODA,
Kent Kaseda,
Madalin Valceleanu,
Marc Philipp,
Mark S. Lewis,
Matthew Haughton,
Mycroft Wong,
Na Minhyeok,
Nelson Osacky,
Olivier "Oli" Dagenais,
ploober,
Radai Rosenblatt,
Róbert Papp,
Sebastian Schuberth,
Victor Merkulov.

Upgrade instructions

Switch your build to use Gradle 9.0.0 by updating your wrapper:

./gradlew wrapper --gradle-version=9.0.0 && ./gradlew wrapper

See the Gradle 9.0.0 upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

v8.14.3: 8.14.3

Compare Source

The Gradle team is excited to announce Gradle 8.14.3.

This is a patch release for 8.14. We recommend using 8.14.3 instead of 8.14.

Here are the highlights of this release:

  • Java 24 support
  • GraalVM Native Image toolchain selection
  • Enhancements to test reporting
  • Build Authoring improvements

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Aurimas,
Ben Bader,
Björn Kautler,
chandre92,
Daniel Hammer,
Danish Nawab,
Florian Dreier,
Ivy Chen,
Jendrik Johannes,
jimmy1995-gu,
Madalin Valceleanu,
Na Minhyeok.

Upgrade instructions

Switch your build to use Gradle 8.14.3 by updating your wrapper:

./gradlew wrapper --gradle-version=8.14.3 && ./gradlew wrapper

See the Gradle 8.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

v8.14.2: 8.14.2

Compare Source

The Gradle team is excited to announce Gradle 8.14.2.

Here are the highlights of this release:

  • Java 24 support
  • GraalVM Native Image toolchain selection
  • Enhancements to test reporting
  • Build Authoring improvements

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Aurimas,
Ben Bader,
Björn Kautler,
chandre92,
Daniel Hammer,
Danish Nawab,
Florian Dreier,
Ivy Chen,
Jendrik Johannes,
jimmy1995-gu,
Madalin Valceleanu,
Na Minhyeok.

Upgrade instructions

Switch your build to use Gradle 8.14.2 by updating your wrapper:

./gradlew wrapper --gradle-version=8.14.2 && ./gradlew wrapper

See the Gradle 8.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

v8.14.1: 8.14.1

Compare Source

The Gradle team is excited to announce Gradle 8.14.1.

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Aurimas,
Ben Bader,
Björn Kautler,
chandre92,
Daniel Hammer,
Danish Nawab,
Florian Dreier,
Ivy Chen,
Jendrik Johannes,
jimmy1995-gu,
Madalin Valceleanu,
Na Minhyeok.

Upgrade instructions

Switch your build to use Gradle 8.14.1 by updating your wrapper:

./gradlew wrapper --gradle-version=8.14.1 && ./gradlew wrapper

See the Gradle 8.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

apache/maven (maven)

v3.9.11: 3.9.11

Compare Source

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

🔧 Build

📦 Dependency updates

v3.9.10: 3.9.10

Compare Source

Release Notes - Maven - Version 3.9.10

Bug

  • [MNG-8096] - Inconsistent dependency resolution behaviour for concurrent multi-module build can cause failures
  • [MNG-8169] - MINGW support requires --add-opens java.base/java.lang=ALL-UNNAMED
  • [MNG-8170] - Maven 3.9.8 contains weird native library for Jansi on Windows/arm64
  • [MNG-8211] - Maven should fail builds that use CI Friendly versions but have no values set
  • [MNG-8248] - WARNING: A restricted method in java.lang.System has been called
  • [MNG-8256] - ProjectDependencyGraph bug: in case of filtering, non-direct module links are lost
  • [MNG-8315] - Failure of mvn.cmd if a .mvn directory is located at drive root
  • [MNG-8396] - Maven takes forever to resume
  • [MNG-8711] - "Duplicate artifact" in LifecycleDependencyResolver

Improvement

  • [MNG-8370] - Introduce maven.repo.local.head
  • [MNG-8399] - JDK 24+ issues warning about usage of sun.misc.Unsafe
  • [MNG-8707] - Add methods to remove compile and test source roots
  • [MNG-8712] - improve dependency version explanation: it&#​39;s a requirement, not always effective version
  • [MNG-8717] - Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding
  • [MNG-8722] - Use a single standalone version of asm
  • [MNG-8731] - Use https for xsi:schemaLocation in generated descriptors
  • [MNG-8734] - Simplify scripting like "get project version" cases

Task

  • [MNG-8728] - Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 and use Java 24 on CI

Dependency upgrade

  • [MNG-8289] - Update Plexus annotations to 2.2.0
  • [MNG-8443] - Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre
  • [MNG-8531] - Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0
  • [MNG-8532] - Bump commons-io:commons-io from 2.16.1 to 2.18.0
  • [MNG-8534] - Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1
  • [MNG-8635] - Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3
  • [MNG-8636] - Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre
  • [MNG-8640] - Bump org.apache.maven:maven-parent from 43 to 44
  • [MNG-8661] - Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre
  • [MNG-8701] - Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28
  • [MNG-8702] - Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0
  • [MNG-8703] - Bump commons-io:commons-io from 2.18.0 to 2.19.0
  • [MNG-8704] - Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre
  • [MNG-8705] - Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0
  • [MNG-8706] - Bump commons-cli:commons-cli from 1.8.0 to 1.9.0
  • [MNG-8715] - Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2
  • [MNG-8716] - Bump resolver to 1.9.23
  • [MNG-8745] - Bump xmlunitVersion from 2.10.0 to 2.10.2
What's Changed
New Contributors

Full Changelog: apache/maven@maven-3.9.9...maven-3.9.10

apache/maven-wrapper (maven-wrapper)

v3.3.4: 3.3.4

Compare Source

🐛 Bug Fixes
👻 Maintenance

v3.3.3: 3.3.3

Compare Source

💥 Breaking changes
🚀 New features and improvements
🐛 Bug Fixes

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/all branch 5 times, most recently from aa2a7b0 to 48f9232 Compare June 5, 2025 15:27
@renovate renovate bot force-pushed the renovate/all branch 5 times, most recently from 4545142 to cc9bfef Compare June 13, 2025 12:15
@renovate renovate bot force-pushed the renovate/all branch 9 times, most recently from a229834 to ea01ef9 Compare June 20, 2025 11:52
@renovate renovate bot force-pushed the renovate/all branch 6 times, most recently from e533365 to 112242b Compare June 29, 2025 00:29
@renovate renovate bot force-pushed the renovate/all branch 5 times, most recently from b27769b to 7c2cbae Compare July 11, 2025 11:45
@renovate renovate bot force-pushed the renovate/all branch 7 times, most recently from fde1e9e to fec838c Compare October 14, 2025 11:06
@renovate renovate bot force-pushed the renovate/all branch 6 times, most recently from 5a5e474 to bffa288 Compare October 21, 2025 21:31
@renovate renovate bot force-pushed the renovate/all branch 5 times, most recently from 04f7ed0 to 39e8bce Compare October 30, 2025 00:49
@renovate renovate bot force-pushed the renovate/all branch 8 times, most recently from 62f80ee to 403c1bd Compare November 5, 2025 22:39
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from da7b7e5 to c0c99f2 Compare November 7, 2025 22:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant