Skip to content

fix(deps): update all dependencies #934

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update all dependencies #934

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 7, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change Age Confidence
actions/checkout action minor v4.2.2 -> v4.3.0 age confidence
codecov/codecov-action action minor v5.4.3 -> v5.5.1 age confidence
github/codeql-action action minor v3.29.1 -> v3.30.6 age confidence
gradle (source) patch 8.14.2 -> 8.14.3 age confidence
gradle/actions action patch v4.4.1 -> v4.4.4 age confidence
lint-staged dependencies minor 16.1.2 -> 16.2.3 age confidence
yarn (source) packageManager minor 4.9.2 -> 4.10.3 age confidence
org.mockito:mockito-junit-jupiter dependencies minor 5.18.0 -> 5.20.0 age confidence
org.assertj:assertj-core (source) dependencies patch 3.27.3 -> 3.27.6 age confidence
com.google.guava:guava dependencies minor 33.4.8-jre -> 33.5.0-jre age confidence
org.junit.jupiter:junit-jupiter (source) dependencies minor 5.13.2 -> 5.14.0 age confidence
net.sourceforge.plantuml:plantuml dependencies patch 1.2025.4 -> 1.2025.8 age confidence
com.google.code.gson:gson dependencies patch 2.13.1 -> 2.13.2 age confidence
com.fasterxml.jackson.datatype:jackson-datatype-jsr310 dependencies minor 2.19.1 -> 2.20.0 age confidence
com.fasterxml.jackson.core:jackson-core dependencies minor 2.19.1 -> 2.20.0 age confidence
com.fasterxml.jackson.core:jackson-databind (source) dependencies minor 2.19.1 -> 2.20.0 age confidence
com.fasterxml.jackson.core:jackson-annotations (source) dependencies minor 2.19.1 -> 2.20 age confidence
com.netflix.graphql.dgs.codegen:graphql-dgs-codegen-shared-core dependencies patch 8.1.0 -> 8.1.1 age confidence
io.netty:netty-codec-http (source) dependencies patch 4.2.2.Final -> 4.2.6.Final age confidence
commons-io:commons-io (source) dependencies minor 2.19.0 -> 2.20.0 age confidence
io.netty:netty-codec (source) dependencies patch 4.2.2.Final -> 4.2.6.Final age confidence
org.apache.commons:commons-lang3 (source) dependencies minor 3.18.0 -> 3.19.0 age confidence
org.apache.commons:commons-text (source) dependencies minor 1.13.1 -> 1.14.0 age confidence
com.squareup.okio:okio dependencies minor 3.14.0 -> 3.16.0 age confidence
io.netty:netty-handler (source) dependencies patch 4.2.2.Final -> 4.2.6.Final age confidence
io.netty:netty-handler-proxy (source) dependencies patch 4.2.2.Final -> 4.2.6.Final age confidence
com.github.javaparser:javaparser-core (source) dependencies patch 3.27.0 -> 3.27.1 age confidence
io.netty:netty-codec-socks (source) dependencies patch 4.2.2.Final -> 4.2.6.Final age confidence
com.datadoghq:datadog-api-client dependencies minor 2.38.0 -> 2.44.0 age confidence
io.projectreactor.netty:reactor-netty-core dependencies patch 1.2.8 -> 1.2.10 age confidence
com.newrelic.agent.java:newrelic-api dependencies minor 8.21.0 -> 8.24.0 age confidence
io.opentelemetry:opentelemetry-api dependencies minor 1.51.0 -> 1.54.1 age confidence
com.datadoghq:java-dogstatsd-client dependencies patch 4.4.4 -> 4.4.5 age confidence
org.apache.httpcomponents.client5:httpclient5 (source) dependencies patch 5.5 -> 5.5.1 age confidence
io.projectreactor.netty:reactor-netty-http dependencies patch 1.2.8 -> 1.2.10 age confidence
com.netflix.dgs.codegen plugin patch 8.1.0 -> 8.1.1 age confidence
org.jetbrains.kotlin.jvm plugin patch 2.2.0 -> 2.2.20 age confidence

Release Notes

actions/checkout (actions/checkout)

v4.3.0

Compare Source

What's Changed
New Contributors

Full Changelog: actions/checkout@v4...v4.3.0

codecov/codecov-action (codecov/codecov-action)

v5.5.1

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

github/codeql-action (github/codeql-action)

v3.30.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.6 - 02 Oct 2025

  • Update default CodeQL bundle version to 2.23.2. #​3168

See the full CHANGELOG.md for more information.

v3.30.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025

  • We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #​3160

See the full CHANGELOG.md for more information.

v3.30.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025
  • We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #​3099 and #​3100
  • We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #​3107
  • You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #​3130
  • Update default CodeQL bundle version to 2.23.1. #​3118

See the full CHANGELOG.md for more information.

v3.30.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.3 - 10 Sep 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.2 - 09 Sep 2025

  • Fixed a bug which could cause language autodetection to fail. #​3084
  • Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #​3064

See the full CHANGELOG.md for more information.

v3.30.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.1 - 05 Sep 2025
  • Update default CodeQL bundle version to 2.23.0. #​3077

See the full CHANGELOG.md for more information.

v3.30.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.0 - 01 Sep 2025

  • Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #​3054

See the full CHANGELOG.md for more information.

v3.29.11

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.11 - 21 Aug 2025

  • Update default CodeQL bundle version to 2.22.4. #​3044

See the full CHANGELOG.md for more information.

v3.29.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.10 - 18 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.9 - 12 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.8 - 08 Aug 2025

  • Fix an issue where the Action would autodetect unsupported languages such as HTML. #​3015

See the full CHANGELOG.md for more information.

v3.29.7

Compare Source

This is a re-release of v3.29.5 to mitigate an issue that was discovered with v3.29.6.

v3.29.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.6 - 07 Aug 2025
  • The cleanup-level input to the analyze Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. #​2999
  • Update default CodeQL bundle version to 2.22.3. #​3000

See the full CHANGELOG.md for more information.

v3.29.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.5 - 29 Jul 2025

  • Update default CodeQL bundle version to 2.22.2. #​2986

See the full CHANGELOG.md for more information.

v3.29.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.4 - 23 Jul 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.3 - 21 Jul 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.2 - 30 Jun 2025

  • Experimental: When the quality-queries input for the init action is provided with an argument, separate .quality.sarif files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. #​2935

See the full CHANGELOG.md for more information.

gradle/gradle (gradle)

v8.14.3: 8.14.3

Compare Source

The Gradle team is excited to announce Gradle 8.14.3.

This is a patch release for 8.14. We recommend using 8.14.3 instead of 8.14.

Here are the highlights of this release:

  • Java 24 support
  • GraalVM Native Image toolchain selection
  • Enhancements to test reporting
  • Build Authoring improvements

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Aurimas,
Ben Bader,
Björn Kautler,
chandre92,
Daniel Hammer,
Danish Nawab,
Florian Dreier,
Ivy Chen,
Jendrik Johannes,
jimmy1995-gu,
Madalin Valceleanu,
Na Minhyeok.

Upgrade instructions

Switch your build to use Gradle 8.14.3 by updating your wrapper:

./gradlew wrapper --gradle-version=8.14.3 && ./gradlew wrapper

See the Gradle 8.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

gradle/actions (gradle/actions)

v4.4.4

Compare Source

What's Changed

Full Changelog: gradle/actions@v4...v4.4.4

v4.4.3

Compare Source

What's Changed

Full Changelog: gradle/actions@v4.4.2...v4.4.3

v4.4.2

Compare Source

This patch release updates a bunch of dependency versions

What's Changed

  • Bump github/codeql-action from 3.29.4 to 3.29.5 in the github-actions group across 1 directory (#​703)
  • Bumps the npm-dependencies group in /sources with 4 updates (#​702)
  • Upgrade to gradle 9 in workflows and tests (#​704)
  • Update known wrapper checksums (#​701)
  • Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/gradle-plugin (#​695)
  • Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/groovy-dsl (#​696)
  • Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/java-toolchain (#​697)
  • Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.19.1 to 2.19.2 in /sources/test/init-scripts in the gradle group across 1 directory (#​693)
  • Bump github/codeql-action from 3.29.0 to 3.29.4 in the github-actions group across 1 directory (#​691)
  • Bump the npm-dependencies group in /sources with 5 updates (#​692)
  • Bump references to Develocity Gradle plugin from 4.0.2 to 4.1 (#​685)
  • Bump the npm-dependencies group across 1 directory with 8 updates (#​684)
  • Run Gradle release candidate tests with JDK 17 (#​690)
  • Update Develocity npm agent to version 1.0.1 (#​687)
  • Update known wrapper checksums (#​688)
  • Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/kotlin-dsl (#​683
  • Bump the github-actions group across 1 directory with 3 updates (#​675)
  • Bump the gradle group across 3 directories with 2 updates (#​674)
  • Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /sources/test/init-scripts (#​679)
  • Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/java-toolchain (#​682)
  • Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/groovy-dsl (#​681)
  • Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/gradle-plugin (#​680)
  • Update known wrapper checksums (#​676)

Full Changelog: gradle/actions@v4.4.1...v4.4.2

lint-staged/lint-staged (lint-staged)

v16.2.3

Compare Source

Patch Changes
  • #​1669 27cd541 Thanks @​iiroj! - When using --fail-on-changes, automatically hidden (partially) unstaged changes are no longer counted to make lint-staged fail.

v16.2.2

Compare Source

Patch Changes

  • #​1667 699f95d Thanks @​iiroj! - The backup stash will not be dropped when using --fail-on-changes and there are errors. When reverting to original state is disabled (via --no-revert or --fail-on-changes), hidden (partially) unstaged changes are still restored automatically so that it's easier to resolve the situation manually.

    Additionally, the example for using the backup stash manually now uses the correct backup hash, if available:

    % npx lint-staged --fail-on-changes
✔ Backed up original state in git stash (c18d55a3)
✔ Running tasks for staged files...
✖ Tasks modified files and --fail-on-changes was used!
↓ Cleaning up temporary files...

✖ lint-staged failed because `--fail-on-changes` was used.

Any lost modifications can be restored from a git stash:

  > git stash list --format="%h %s"
  c18d55a3 On main: lint-staged automatic backup
  > git apply --index c18d55a3

v16.2.1

Compare Source

Patch Changes

  • #​1664 8277b3b Thanks @​iiroj! - The built-in TypeScript types have been updated to more closely match the implementation. Notably, the list of staged files supplied to task functions is readonly string[] and can't be mutated. Thanks @​outslept!

    export default {
---  "*": (files: string[]) => void console.log('staged files', files)
+++  "*": (files: readonly string[]) => void console.log('staged files', files)
}

  • #​1654 70b9af3 Thanks @​iiroj! - This version has been published from GitHub Actions using Trusted Publishing for npm packages.

  • #​1659 4996817 Thanks @​iiroj! - Fix searching configuration files when the working directory is a subdirectory of a git repository, and there are package.json files in the working directory. This situation might happen when running lint-staged for a single package in a monorepo.

  • #​1654 7021f0a Thanks @​iiroj! - Return the caret semver range (^) to direct dependencies so that future patch and minor versions are allowed. This enables projects to better maintain and deduplicate their own transitive dependencies while not requiring direct updates to lint-staged. This was changed in 16.2.0 after the vulnerability issues with chalk and debug, which were also removed in the same version.

    Given the recent vulnerabilities in the npm ecosystem, it's best to be very careful when updating dependencies.

v16.2.0

Compare Source

Minor Changes

  • #​1615 99eb742 Thanks @​iiroj! - Added a new option --fail-on-changes to make lint-staged exit with code 1 when tasks modify any files, making the precommit hook fail. This is similar to the git diff --exit-code option. Using this flag also implies the --no-revert flag which means any changes made my tasks will be left in the working tree after failing, so that they can be manually staged and the commit tried again.

  • #​1611 cd05fd3 Thanks @​rlorenzo! - Added a new option --continue-on-error so that lint-staged will run all tasks to completion even if some of them fail. By default, lint-staded will exit early on the first failure.

  • #​1637 82fcc07 Thanks @​iiroj! - Internal lint-staged errors are now thrown and visible in the console output. Previously they were caught with the process exit code set to 1, but not logged. This happens when, for example, there's a syntax error in the lint-staged configuration file.

  • #​1647 a5ecc06 Thanks @​iiroj! - Remove debug as a dependency due to recent malware issue; read more at [(RESOLVED) Version 4.4.2 published to npm is compromised debug-js/debug#1005](https://github.com/de

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner July 7, 2025 01:33
@codecov Codecov
Copy link

codecov bot commented Jul 7, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 8.21%. Comparing base (136be4d) to head (b42ba46).

Additional details and impacted files 
@@            Coverage Diff             @@
##              main    #934      +/-   ##
==========================================
- Coverage     9.51%   8.21%   -1.31%     
+ Complexity    2016    1542     -474     
==========================================
  Files         7717    7717              
  Lines        75665   75665              
  Branches       302     302              
==========================================
- Hits          7202    6213     -989     
- Misses       68286   69304    +1018     
+ Partials       177     148      -29

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate renovate bot force-pushed the renovate/all branch 5 times, most recently from 533ef86 to d9170f0 Compare July 14, 2025 22:07
@renovate renovate bot force-pushed the renovate/all branch 3 times, most recently from e6a36fe to 765ccda Compare July 21, 2025 13:42
@renovate renovate bot force-pushed the renovate/all branch 3 times, most recently from 671e283 to f76315e Compare July 28, 2025 17:51
@renovate renovate bot force-pushed the renovate/all branch 3 times, most recently from 718ac2b to 3df36f2 Compare August 5, 2025 11:33
@renovate renovate bot force-pushed the renovate/all branch 12 times, most recently from c99d13b to 320eac1 Compare August 14, 2025 10:41
@renovate renovate bot force-pushed the renovate/all branch 3 times, most recently from ccc33e4 to 8501b55 Compare September 17, 2025 22:41
@renovate renovate bot force-pushed the renovate/all branch 10 times, most recently from a72b0fc to 28cb047 Compare September 25, 2025 10:47
@renovate renovate bot force-pushed the renovate/all branch 14 times, most recently from 372fdd0 to 3102fc8 Compare October 2, 2025 14:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Type: Maintenance
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants