Skip to content

fix(deps): update all dependencies j:cdx-227 #171

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 19, 2025
Merged

fix(deps): update all dependencies j:cdx-227 #171

merged 1 commit into from
Aug 19, 2025

Conversation

@renovate-coveo
Copy link
Contributor

@renovate-coveo renovate-coveo bot commented Nov 25, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
@commitlint/config-conventional (source) 19.5.0 -> 19.8.1 age adoption passing confidence devDependencies minor
@octokit/auth-app 7.1.2 -> 7.2.2 age adoption passing confidence devDependencies minor
actions/checkout v4.2.2 -> v4.3.0 age adoption passing confidence action minor
actions/checkout 11bd719 -> 08eba0b action digest
actions/setup-java v4.5.0 -> v4.7.1 age adoption passing confidence action minor
actions/setup-node v4.1.0 -> v4.4.0 age adoption passing confidence action minor
actions/upload-artifact v4.4.3 -> v4.6.2 age adoption passing confidence action minor
ossf/scorecard-action v2.4.0 -> v2.4.2 age adoption passing confidence action patch
step-security/harden-runner v2.10.1 -> v2.13.0 age adoption passing confidence action minor
com.diffplug.spotless:spotless-maven-plugin 2.43.0 -> 2.46.1 age adoption passing confidence build minor
org.apache.maven:maven-model 3.9.9 -> 3.9.11 age adoption passing confidence compile patch
commons-codec:commons-codec (source) 1.17.1 -> 1.19.0 age adoption passing confidence compile minor
org.mockito:mockito-core 5.14.2 -> 5.19.0 age adoption passing confidence test minor
joda-time:joda-time (source) 2.13.0 -> 2.14.0 age adoption passing confidence compile minor
io.github.cdimascio:dotenv-java 3.0.2 -> 3.2.0 age adoption passing confidence compile minor
com.google.code.gson:gson 2.11.0 -> 2.13.1 age adoption passing confidence compile minor
org.apache.logging.log4j:log4j-core (source) 2.24.1 -> 2.25.1 age adoption passing confidence compile minor
org.apache.maven.plugins:maven-gpg-plugin 3.2.7 -> 3.2.8 age adoption passing confidence build patch
org.apache.maven.plugins:maven-javadoc-plugin 3.11.1 -> 3.11.3 age adoption passing confidence build patch

[skip release]

Release Notes

conventional-changelog/commitlint (@​commitlint/config-conventional)

v19.8.1

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

v19.8.0

Compare Source

Performance Improvements
  • use node: prefix to bypass require.cache call for builtins (#​4302) (0cd8f41)

19.7.1 (2025-02-02)

Note: Version bump only for package @​commitlint/config-conventional

v19.7.1

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

v19.6.0

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

octokit/auth-app.js (@​octokit/auth-app)

v7.2.2

Compare Source

Bug Fixes

v7.2.1

Compare Source

Bug Fixes

v7.2.0

Compare Source

Features

v7.1.5

Compare Source

Bug Fixes
  • deps: update octokit dependencies to mitigate ReDos vulnerability [security] (#​678) (499d1f6)

v7.1.4

Compare Source

Bug Fixes

v7.1.3

Compare Source

Bug Fixes
actions/checkout (actions/checkout)

v4.3.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/checkout@v4...v4.3.0

actions/setup-java (actions/setup-java)

v4.7.1

Compare Source

What's Changed
Documentation changes
Dependency updates:

Full Changelog: actions/setup-java@v4...v4.7.1

v4.7.0

Compare Source

What's Changed
New Contributors

Full Changelog: actions/setup-java@v4...v4.7.0

v4.6.0

Compare Source

What's Changed

Add-ons:

 - name: Checkout
   uses: actions/checkout@v4
 - name: Setup-java
   uses: actions/setup-java@v4
   with:
     distribution: ‘jetbrains’
     java-version: '21'

Bug fixes:

New Contributors

Full Changelog: actions/setup-java@v4...v4.6.0

actions/setup-node (actions/setup-node)

v4.4.0

Compare Source

What's Changed

Bug fixes:
Enhancement:
Dependency update:

New Contributors

Full Changelogactions/setup-node@v4...v4.4.0

v4.3.0

Compare Source

What's Changed

Dependency updates

New Contributors

Full Changelog: actions/setup-node@v4...v4.3.0

v4.2.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/setup-node@v4...v4.2.0

actions/upload-artifact (actions/upload-artifact)

v4.6.2

Compare Source

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4...v4.6.1

v4.6.0

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

ossf/scorecard-action (ossf/scorecard-action)

v2.4.2

Compare Source

What's Changed

This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard v5.2.0 and v5.2.1 release notes.

Full Changelog: ossf/scorecard-action@v2.4.1...v2.4.2

v2.4.1

Compare Source

What's Changed

Docs

New Contributors

step-security/harden-runner (step-security/harden-runner)

v2.13.0

Compare Source

What's Changed

  • Improved job markdown summary
  • Https monitoring for all domains (included with the enterprise tier)

Full Changelog: step-security/harden-runner@v2...v2.13.0

v2.12.2

Compare Source

What's Changed

Added HTTPS Monitoring for additional destinations - *.githubusercontent.com
Bug fixes:

  • Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode
  • Increased policy map size for block mode

Full Changelog: step-security/harden-runner@v2...v2.12.2

v2.12.1

Compare Source

What's Changed

  • Detection capabilities have been upgraded to better recognize attempts at runner tampering. These improvements are informed by real-world incident learnings, including analysis of anomalous behaviors observed in the tj-actions and reviewdog supply chain attack.
  • Resolved an issue where the block policy was not enforced correctly when the GitHub Actions job was running inside a container on a self-hosted VM runner.

Full Changelog: step-security/harden-runner@v2...v2.12.1

v2.12.0

Compare Source

What's Changed

  1. A new option, disable-sudo-and-containers, is now available to replace the disable-sudo policy, addressing Docker-based privilege escalation (CVE-2025-32955). More details can be found in this blog post.

  2. New detections have been added based on insights from the tj-actions and reviewdog actions incidents.

Full Changelog: step-security/harden-runner@v2...v2.12.0

v2.11.1

Compare Source

What's Changed

Full Changelog: step-security/harden-runner@v2...v2.11.1

v2.11.0

Compare Source

What's Changed

Release v2.11.0 in #​498
Harden-Runner Enterprise tier now supports the use of eBPF for DNS resolution and network call monitoring

Full Changelog: step-security/harden-runner@v2...v2.11.0

v2.10.4

Compare Source

What's Changed

Fixed a potential Harden-Runner post step failure that could occur when printing agent service logs. The fix gracefully handles failures without failing the post step.

Full Changelog: step-security/harden-runner@v2...v2.10.4

v2.10.3

Compare Source

What's Changed

Fixed an issue where DNS requests using uppercase characters (e.g., EXAMPLE.com) were blocked even when the domain was present in the allowed list. This update standardizes domain names to lowercase for consistent comparison.

Full Changelog: step-security/harden-runner@v2...v2.10.3

v2.10.2

Compare Source

What's Changed

  1. Fixes low-severity command injection weaknesses
    The advisory is here: GHSA-g85v-wf27-67xc

  2. Bug fix to improve detection of whether Harden-Runner is running in a container

Full Changelog: step-security/harden-runner@v2...v2.10.2

diffplug/spotless (com.diffplug.spotless:spotless-maven-plugin)

v2.45.0

Added
  • Support for gofmt (#​2001)
  • Support for formatting Java Docs for the Palantir formatter (#​2009)

v2.44.0

Added
  • New static method to DiffMessageFormatter which allows to retrieve diffs with their line numbers (#​1960)
  • Gradle - Support for formatting shell scripts via shfmt. (#​1994)
Fixed
  • Fix empty files with biome >= 1.5.0 when formatting files that are in the ignore list of the biome configuration file. (#​1989 fixes #​1987)
  • Fix a regression in BufStep where the same arguments were being provided to every buf invocation. (#​1976)
Changed
  • Use palantir-java-format 2.39.0 on Java 21. (#​1948)
  • Bump default ktlint version to latest 1.0.1 -> 1.1.1. (#​1973)
  • Bump default googleJavaFormat version to latest 1.18.1 -> 1.19.2. (#​1971)
  • Bump default diktat version to latest 1.2.5 -> 2.0.0. (#​1972)
apache/commons-codec (commons-codec:commons-codec)

v1.19.0

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.19.0.

The Apache Commons Codec component contains encoders and decoders for
formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

v1.17.2

The Apache Commons Codec component contains encoders and decoders for
formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

mockito/mockito (org.mockito:mockito-core)

v5.19.0

Compare Source

Changelog generated by Shipkit Changelog Gradle Plugin

5.19.0
  • 2025-08-15 - 37 commit(s) by Adrian-Kim, Tim van der Lippe, Tran Ngoc Nhan, dependabot[bot], juyeop
  • feat: Add support for JDK21 Sequenced Collections. (#​3708)
  • Bump actions/checkout from 4 to 5 (#​3707)
  • build: Allow overriding 'Created-By' for reproducible builds (#​3704)
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#​3703)
  • Bump androidx.test:runner from 1.6.2 to 1.7.0 (#​3697)
  • Bump org.junit.platform:junit-platform-launcher from 1.13.3 to 1.13.4 (#​3694)
  • Bump com.diffplug.spotless:spotless-plugin-gradle from 7.1.0 to 7.2.1 (#​3693)
  • Bump junit-jupiter from 5.13.3 to 5.13.4 (#​3691)
  • Bump com.gradle.develocity from 4.0.2 to 4.1 (#​3689)
  • Bump com.google.googlejavaformat:google-java-format from 1.27.0 to 1.28.0 (#​3688)
  • Bump com.google.googlejavaformat:google-java-format from 1.25.2 to 1.27.0 (#​3686)
  • Bump com.diffplug.spotless:spotless-plugin-gradle from 7.0.4 to 7.1.0 (#​3685)
  • Bump junit-jupiter from 5.13.2 to 5.13.3 (#​3684)
  • Bump org.shipkit:shipkit-auto-version from 2.1.0 to 2.1.2 (#​3683)
  • Bump com.diffplug.spotless:spotless-plugin-gradle from 7.0.2 to 7.0.4 (#​3682)
  • Only run release after both Java and Android tests have finished
    (#​3681)
  • Bump org.junit.platform:junit-platform-launcher from 1.12.2 to 1.13.3 (#​3680)
  • Bump org.codehaus.groovy:groovy from 3.0.24 to 3.0.25 (#​3679)
  • Bump org.eclipse.platform:org.eclipse.osgi from 3.23.0 to 3.23.100 (#​3678)
  • Can no longer publish snapshot releases (#​3677)
  • Update Gradle to 8.14.2 (#​3676)
  • Bump errorprone from 2.23.0 to 2.39.0 (#​3674)
  • Correct Junit docs link (#​3672)
  • Bump net.ltgt.gradle:gradle-errorprone-plugin from 4.1.0 to 4.3.0 (#​3670)
  • Bump junit-jupiter from 5.13.1 to 5.13.2 (#​3669)
  • Bump bytebuddy from 1.17.5 to 1.17.6 (#​3668)
  • Bump junit-jupiter from 5.12.2 to 5.13.1 (#​3666)
  • Bump org.jetbrains.kotlin:kotlin-stdlib from 2.0.21 to 2.2.0 (#​3665)
  • Bump org.gradle.toolchains.foojay-resolver-convention from 0.9.0 to 1.0.0 (#​3661)
  • Bump org.junit.platform:junit-platform-launcher from 1.11.4 to 1.12.2 (#​3660)
  • Add JDK21 sequenced collections for ReturnsEmptyValues (#​3659)
  • Bump com.gradle.develocity from 3.19.1 to 4.0.2 (#​3658)
  • Bump ru.vyarus:gradle-animalsniffer-plugin from 1.7.2 to 2.0.1 (#​3657)
  • Bump org.eclipse.platform:org.eclipse.osgi from 3.22.0 to 3.23.0 (#​3656)
  • Bump org.codehaus.groovy:groovy from 3.0.23 to 3.0.24 (#​3655)
  • Bump junit-jupiter from 5.11.4 to 5.12.2 (#​3653)
  • Reproducible Build: need to inject JDK distribution details to rebuild (#​3563)

v5.18.0

Compare Source

Changelog generated by Shipkit Changelog Gradle Plugin

5.18.0
  • 2025-05-20 - 5 commit(s) by Eugene Platonov, Patrick Doyle, Tim van der Lippe, dependabot[bot]
  • Make vararg checks Scala friendly (for mockito-scala) (#​3651)
  • For UnfinishedStubbingException, suggest the possibility of another thread (#​3636)
  • UnfinishedStubbingException ought to suggest the possibility of another thread (#​3635)

v5.17.0

Compare Source

Changelog generated by Shipkit Changelog Gradle Plugin

5.17.0
  • 2025-04-04 - 7 commit(s) by Adrian Roos, Andre Kurait, Jan Ouwens, Rafael Winterhalter, Taeik Lim, Thach Le, Tim van der Lippe
  • Fixes #​3631: Fix broken banner image link (#​3632)
  • Banner image is broken (#​3631)
  • Update exception message with mockito-inline (#​3628)
  • Clarify structure of commit messages (#​3626)
  • Fixes #​3622: MockitoExtension fails cleanup when aborted before setup (#​3623)
  • MockitoExtension fails cleanup when aborted before setup (#​3622)
  • Since mockito-inline has been removed, the exception messages with mockito-inline should be modified. (#​3621)
  • Fixes #​3171: Fall back to Throwable Location strategy on Android (#​3619)
  • Fixes #​3615 : broken links to javadoc.io (#​3616)
  • Broken links to javadoc.io (#​3615)
  • Mocks are not working on particular devices after update Android SDK from 33 to 34 (#​3171)

v5.16.1

Compare Source

Changelog generated by Shipkit Changelog Gradle Plugin

5.16.1
  • 2025-03-15 - 3 commit(s) by Adrian Roos, Jérôme Prinet, Rafael Winterhalter
  • Remove Arrays.asList from critical stubbing path in GenericMetadataSu… (#​3610)
  • Rework of injection strategy in the context of modules (#​3608)
  • Adjust inline mocking snippet to allow task relocatability (#​3606)
  • Inline mocking configuration snippet for Gradle should allow task relocatability (#​3605)

[v5.16.0](https://github.com/mockito/moc

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone America/Toronto, Automerge - "after 9:00am and before 12:00pm on tuesday, wednesday, thursday" in timezone America/Toronto.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@renovate-coveo renovate-coveo bot added the bot label Nov 25, 2024
@renovate-coveo renovate-coveo bot requested a review from a team November 25, 2024 05:01
@renovate-coveo renovate-coveo bot requested review from fbeaudoincoveo, louis-bompart and y-lakhdar and removed request for a team November 25, 2024 05:01
@renovate-coveo renovate-coveo bot force-pushed the renovate/all branch 3 times, most recently from 4e40f78 to ada3749 Compare December 16, 2024 00:01
@renovate-coveo renovate-coveo bot changed the title chore(deps): update all dependencies j:cdx-227 fix(deps): update all dependencies j:cdx-227 Dec 16, 2024
@renovate-coveo renovate-coveo bot force-pushed the renovate/all branch 2 times, most recently from 6c7070b to 238d137 Compare December 24, 2024 22:30
@renovate-coveo renovate-coveo bot force-pushed the renovate/all branch 3 times, most recently from 419d9c3 to 68a97ec Compare January 7, 2025 17:01
@renovate-coveo renovate-coveo bot force-pushed the renovate/all branch 5 times, most recently from c1ab79d to 651fb95 Compare January 16, 2025 21:00
@renovate-coveo renovate-coveo bot force-pushed the renovate/all branch 2 times, most recently from 0d8c706 to c6ef112 Compare January 29, 2025 15:30
@renovate-coveo renovate-coveo bot force-pushed the renovate/all branch 2 times, most recently from e492a0e to cedf5e9 Compare April 24, 2025 01:31
@renovate-coveo renovate-coveo bot force-pushed the renovate/all branch 2 times, most recently from f4deb60 to 8ac2ab3 Compare May 20, 2025 20:01
@renovate-coveo renovate-coveo bot force-pushed the renovate/all branch 2 times, most recently from cefdd4e to 9b8b121 Compare June 6, 2025 17:01
@renovate-coveo renovate-coveo bot force-pushed the renovate/all branch 2 times, most recently from 16702af to 25e8b6b Compare June 18, 2025 14:31
@renovate-coveo renovate-coveo bot force-pushed the renovate/all branch 2 times, most recently from 90ebdf5 to 0e249ae Compare July 2, 2025 07:31
@renovate-coveo renovate-coveo bot force-pushed the renovate/all branch 3 times, most recently from 477183b to 2cec8bc Compare July 11, 2025 19:02
@renovate-coveo renovate-coveo bot force-pushed the renovate/all branch 5 times, most recently from 34a24c5 to 590a469 Compare July 22, 2025 19:31
@renovate-coveo renovate-coveo bot force-pushed the renovate/all branch 3 times, most recently from 7687271 to 7909280 Compare August 18, 2025 00:25
@renovate-coveo renovate-coveo bot requested a review from a team as a code owner August 18, 2025 11:01
@alexprudhomme alexprudhomme merged commit 1fd3770 into main Aug 19, 2025
9 checks passed
@developer-experience-bot developer-experience-bot bot mentioned this pull request Aug 19, 2025
Merged
@renovate-coveo renovate-coveo bot deleted the renovate/all branch August 19, 2025 15:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexprudhomme alexprudhomme alexprudhomme approved these changes

@y-lakhdar y-lakhdar Awaiting requested review from y-lakhdar

@louis-bompart louis-bompart Awaiting requested review from louis-bompart

@fbeaudoincoveo fbeaudoincoveo Awaiting requested review from fbeaudoincoveo

Assignees

No one assigned

Labels

bot dependency update renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alexprudhomme