Dependency Dashboard

[dnastack-renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Config Migration Needed

See Config Migration PR: #149.

Repository Problems

Renovate tried to run on this repository, but found these problems.

• ⚠️ WARN: Found renovate config warnings

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• [CU-86b4umhm1] Update EnricoMi/publish-unit-test-result-action digest to c950f6f
• [CU-86b4umhm1] Update dependency com.dnastack:spring-boot-audit-event-logger to v1.0.22
• [CU-86b4umhm1] Update dependency com.github.gavlyukovskiy:p6spy-spring-boot-starter to v1.12.1
• [CU-86b4umhm1] Update dependency commons-validator:commons-validator to v1.10.1
• [CU-86b4umhm1] Update dependency io.rest-assured:rest-assured to v5.5.7
• [CU-86b4umhm1] Update dependency joda-time:joda-time to v2.14.1
• [CU-86b4umhm1] Update dependency maven to v3.9.14
• [CU-86b4umhm1] Update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.5
• [CU-86b4umhm1] Update dependency org.apache.maven.surefire:surefire-junit-platform to v3.5.5
• [CU-86b4umhm1] Update dependency org.projectlombok:lombok to v1.18.44
• [CU-86b4umhm1] Update dependency org.springframework.boot:spring-boot-starter-parent to v3.5.13
• [CU-86b4umhm1] Update logback monorepo to v1.5.32 (ch.qos.logback:logback-core, ch.qos.logback:logback-classic)
• [CU-86b4umhm1] Update dependency com.fasterxml.jackson.core:jackson-databind to v2.21.2
• [CU-86b4umhm1] Update dependency com.google.auth:google-auth-library-oauth2-http to v1.43.0
• [CU-86b4umhm1] Update dependency io.zonky.test:embedded-database-spring-test to v2.8.0
• [CU-86b4umhm1] Update dependency io.zonky.test:embedded-postgres to v2.2.2
• [CU-86b4umhm1] Update dependency org.apache.commons:commons-lang3 to v3.20.0
• [CU-86b4umhm1] Update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.15.0
• [CU-86b4umhm1] Update dependency org.jdbi:jdbi3-bom to v3.52.0
• [CU-86b4umhm1] Update dependency org.mockito:mockito-core to v5.23.0
• [CU-86b4umhm1] Update feign monorepo to v13.11 (io.github.openfeign:feign-jackson, io.github.openfeign:feign-okhttp, io.github.openfeign:feign-core)
• [CU-86b4umhm1] Update junit-framework monorepo (org.junit.jupiter:junit-jupiter, org.junit.jupiter:junit-jupiter-api, org.junit.platform:junit-platform-launcher)
• [CU-86b4umhm1] Update resilience4j to v2.4.0 (io.github.resilience4j:resilience4j-core, io.github.resilience4j:resilience4j-retry)
• [CU-86b4umhm1] Update actions/checkout action to v6
• [CU-86b4umhm1] Update amazoncorretto Docker tag to v25
• [CU-86b4umhm1] Update dependency com.github.gavlyukovskiy:p6spy-spring-boot-starter to v2
• [CU-86b4umhm1] Update dependency io.rest-assured:rest-assured to v6
• [CU-86b4umhm1] Update dependency io.trino:trino-jdbc to v480
• [CU-86b4umhm1] Update dependency org.springframework.boot:spring-boot-starter-parent to v4
• [CU-86b4umhm1] Update junit-framework monorepo to v6 (major) (org.junit.jupiter:junit-jupiter, org.junit.jupiter:junit-jupiter-api, org.junit.platform:junit-platform-launcher)
• 🔐 Create all rate-limited PRs at once 🔐

Pending Status Checks

The following updates await pending status checks. To force their creation now, click on a checkbox below.

• [CU-86b4umhm1] Update dependency com.dnastack:dnastack-token-validator to v1.0.19-24-geec6783
• [CU-86b4umhm1] Update dependency com.google.guava:guava to v33.6.0-jre
• [CU-86b4umhm1] Update dependency com.dnastack:dnastack-oauth-client-factory-spring-starter to v2
• [CU-86b4umhm1] Update dependency com.dnastack:dnastack-token-validator to v2

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• [CU-86b4umhm1] Update dependency com.nimbusds:nimbus-jose-jwt to v10 [SECURITY]
• [CU-86b4umhm1] Update dependency org.codehaus.plexus:plexus-utils to v3 [SECURITY]
• [CU-86b4umhm1] Update actions/checkout digest to 93cb6ef
• [CU-86b4umhm1] Update actions/setup-java digest to be666c2
• [CU-86b4umhm1] Update amazoncorretto:21-alpine Docker digest to 29fb96b
• [CU-86b4umhm1] Update amazoncorretto Docker tag to v21.0.9-alpine
• [CU-86b4umhm1] Update dependency com.google.guava:guava to v33
• [CU-86b4umhm1] Update dependency com.squareup.okhttp3:okhttp to v5
• [CU-86b4umhm1] Update dependency org.springframework.cloud:spring-cloud-dependencies to v2025
• [CU-86b4umhm1] Update slf4j monorepo to v2 (major) (org.slf4j:jcl-over-slf4j, org.slf4j:slf4j-simple, org.slf4j:slf4j-api)
• Click on this checkbox to rebase all open PRs at once

Detected Dependencies

dockerfile (4)

ci/e2e-tests/Dockerfile (2)

• amazoncorretto 21-alpine@sha256:fda60fd7965970ce7ed7ce789b18418647b56ac6112fc17df006337bdc6355c4 → [Updates: 21.0.9-alpine, 25.0.1-alpine, 21-alpine]
• amazoncorretto 21-alpine@sha256:fda60fd7965970ce7ed7ce789b18418647b56ac6112fc17df006337bdc6355c4 → [Updates: 21.0.9-alpine, 25.0.1-alpine, 21-alpine]

ci/impl/Dockerfile (2)

• amazoncorretto 21-alpine@sha256:fda60fd7965970ce7ed7ce789b18418647b56ac6112fc17df006337bdc6355c4 → [Updates: 21.0.9-alpine, 25.0.1-alpine, 21-alpine]
• amazoncorretto 21-alpine@sha256:fda60fd7965970ce7ed7ce789b18418647b56ac6112fc17df006337bdc6355c4 → [Updates: 21.0.9-alpine, 25.0.1-alpine, 21-alpine]

ci/predeploy/Dockerfile (1)

• gcr.io/dnastack-container-store/liquibase-docker-image 1.0-2-gf48af98@sha256:ce4a85cc6cb6d3a6914cac6d1abb4eff2b718435c8565930c05fae564379be25

cloud-init-docker/Dockerfile (1)

• gcr.io/dnastack-container-store/cloud-deployment-scripts NOT_A_REAL_VERSION

github-actions (1)

.github/workflows/java-tests.yml (3)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• actions/setup-java v5@dded0888837ed1f317902acf8a20df0ad188d165 → [Updates: v5]
• EnricoMi/publish-unit-test-result-action v2@3a74b2957438d0b6e2e61d67b05318aa25c9e6c6 → [Updates: v2]

helmv3 (1)

helm/Chart.yaml (1)

• publisher-helm-library 1.1-39-g796514f

maven (2)

e2e-tests/pom.xml (26)

• org.junit.jupiter:junit-jupiter-api 5.13.4 → [Updates: 5.14.3, 6.0.3]
• ch.qos.logback:logback-classic 1.5.25 → [Updates: 1.5.32]
• ch.qos.logback:logback-core 1.5.25 → [Updates: 1.5.32]
• org.jspecify:jspecify 1.0.0
• com.dnastack:actuator-e2e-test 1.0.5
• io.trino:trino-jdbc 359 → [Updates: 480]
• org.projectlombok:lombok 1.18.42 → [Updates: 1.18.44]
• org.junit.jupiter:junit-jupiter 5.13.4 → [Updates: 5.14.3, 6.0.3]
• org.slf4j:slf4j-api 1.7.36 → [Updates: 2.0.17]
• org.slf4j:slf4j-simple 1.7.36 → [Updates: 2.0.17]
• org.slf4j:jcl-over-slf4j 1.7.36 → [Updates: 2.0.17]
• com.fasterxml.jackson.core:jackson-databind 2.20.0 → [Updates: 2.21.2]
• io.rest-assured:rest-assured 5.5.6 → [Updates: 5.5.7, 6.0.0]
• com.google.guava:guava 33.5.0-jre → [Updates: 33.6.0-jre]
• com.google.auth:google-auth-library-oauth2-http 1.39.1 → [Updates: 1.43.0]
• commons-validator:commons-validator 1.10.0 → [Updates: 1.10.1]
• org.assertj:assertj-core 3.27.7
• org.awaitility:awaitility 4.3.0
• com.dnastack:logback-extensions 1.0.1
• ch.qos.logback.contrib:logback-jackson 0.1.5
• org.apache.maven.plugins:maven-compiler-plugin 3.14.1 → [Updates: 3.15.0]
• org.apache.maven.plugins:maven-surefire-plugin 3.5.4 → [Updates: 3.5.5]
• de.qaware.maven:go-offline-maven-plugin 1.2.8
• org.apache.maven.surefire:surefire-junit-platform 3.5.4 → [Updates: 3.5.5]
• org.junit.platform:junit-platform-launcher 1.13.4 → [Updates: 1.14.3, 6.0.3]
• org.codehaus.plexus:plexus-utils 1.1 → [Updates: 3.6.1]

pom.xml (31)

• org.springframework.boot:spring-boot-starter-parent 3.5.6 → [Updates: 3.5.13, 4.0.5]
• org.springframework.cloud:spring-cloud-dependencies 2021.0.9 → [Updates: 2025.1.1]
• joda-time:joda-time 2.14.0 → [Updates: 2.14.1]
• org.jdbi:jdbi3-bom 3.49.5 → [Updates: 3.52.0]
• ch.qos.logback:logback-classic 1.5.25 → [Updates: 1.5.32]
• ch.qos.logback:logback-core 1.5.25 → [Updates: 1.5.32]
• org.projectlombok:lombok 1.18.42 → [Updates: 1.18.44]
• com.github.gavlyukovskiy:p6spy-spring-boot-starter 1.12.0 → [Updates: 1.12.1, 2.0.0]
• org.bouncycastle:bcprov-jdk18on 1.84
• com.squareup.okhttp3:okhttp 4.12.0 → [Updates: 5.3.2]
• com.nimbusds:nimbus-jose-jwt 9.48 → [Updates: 10.0.2]
• com.google.guava:guava 32.1.3-jre → [Updates: 33.5.0-jre]
• org.apache.commons:commons-lang3 3.19.0 → [Updates: 3.20.0]
• joda-time:joda-time 2.14.0 → [Updates: 2.14.1]
• org.assertj:assertj-core 3.27.7
• org.skyscreamer:jsonassert 1.5.3
• org.mockito:mockito-core 5.20.0 → [Updates: 5.23.0]
• io.github.openfeign:feign-core 13.6 → [Updates: 13.11]
• io.github.openfeign.form:feign-form 3.8.0
• io.github.openfeign:feign-okhttp 13.6 → [Updates: 13.11]
• io.github.openfeign:feign-jackson 13.6 → [Updates: 13.11]
• io.github.resilience4j:resilience4j-retry 2.3.0 → [Updates: 2.4.0]
• io.github.resilience4j:resilience4j-core 2.3.0 → [Updates: 2.4.0]
• com.dnastack:dnastack-token-validator 1.0.18 → [Updates: 1.0.19-24-geec6783, 2.0.0]
• com.dnastack:spring-boot-audit-event-logger 1.0.20 → [Updates: 1.0.22]
• com.dnastack:dnastack-oauth-client-factory-spring-starter 1.0.5 → [Updates: 2.0.0]
• com.dnastack:logback-extensions 1.0.1
• io.zonky.test:embedded-database-spring-test 2.6.0 → [Updates: 2.8.0]
• io.zonky.test:embedded-postgres 2.1.1 → [Updates: 2.2.2]
• de.qaware.maven:go-offline-maven-plugin 1.2.8
• org.projectlombok:lombok 1.18.42 → [Updates: 1.18.44]

maven-wrapper (1)

.mvn/wrapper/maven-wrapper.properties (1)

• maven 3.9.11 → [Updates: 3.9.14]

---

• Check this box to trigger a request for Renovate to run again on this repository