Dependency Dashboard

[dnastack-renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository Problems

Renovate tried to run on this repository, but found these problems.

• ⚠️ WARN: Package lookup failures

Note

These dependencies have not received updates for an extended period and may be unmaintained:

View abandoned dependencies (1)

Datasource	Name	Last Updated
github-actions	gitleaks/gitleaks-action	2025-04-17

Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release.
Unlike deprecated packages with official notices, abandonment is detected by release inactivity.

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• [CU-86b4umhm1] Update actions/checkout digest to 93cb6ef
• [CU-86b4umhm1] Update actions/setup-java digest to be666c2
• [CU-86b4umhm1] Update dependency com.dnastack:actuator-e2e-test to v1.0.5
• [CU-86b4umhm1] Update dependency maven to v3.9.15
• [CU-86b4umhm1] Update dependency org.projectlombok:lombok to v1.18.46
• [CU-86b4umhm1] Update slf4j monorepo to v2.0.17 (org.slf4j:jcl-over-slf4j, org.slf4j:slf4j-simple, org.slf4j:slf4j-api)
• [CU-86b4umhm1] Update dependency com.azure:azure-sdk-bom to v1.3.6
• [CU-86b4umhm1] Update dependency io.rest-assured:rest-assured-bom to v5.5.7
• [CU-86b4umhm1] Update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.15.0
• [CU-86b4umhm1] Update dependency org.awaitility:awaitility to v4.3.0
• [CU-86b4umhm1] Update dependency org.junit:junit-bom to v5.14.4
• [CU-86b4umhm1] Update dependency org.springframework.cloud:spring-cloud-dependencies to v2025.1.1
• [CU-86b4umhm1] Update jackson monorepo (com.fasterxml.jackson.core:jackson-annotations, com.fasterxml.jackson.core:jackson-databind)
• [CU-86b4umhm1] Update jjwt.version to v0.13.0 (io.jsonwebtoken:jjwt-jackson, io.jsonwebtoken:jjwt-impl)
• [CU-86b4umhm1] Update maven.surefire.plugin.version to v3.5.5 (org.apache.maven.surefire:surefire-junit-platform, org.apache.maven.plugins:maven-surefire-plugin)
• [CU-86b4umhm1] Update springdoc-openapi.version to v2.8.17 (org.springdoc:springdoc-openapi-starter-webmvc-api, org.springdoc:springdoc-openapi-starter-webmvc-ui)
• [CU-86b4umhm1] Update actions/cache action to v5
• [CU-86b4umhm1] Update actions/checkout action to v6
• [CU-86b4umhm1] Update amazoncorretto Docker tag to v25
• [CU-86b4umhm1] Update dependency com.dnastack:dnastack-token-validator to v2
• [CU-86b4umhm1] Update dependency com.squareup.okhttp3:okhttp to v5
• [CU-86b4umhm1] Update dependency io.rest-assured:rest-assured-bom to v6
• [CU-86b4umhm1] Update dependency maven-wrapper to v3
• [CU-86b4umhm1] Update dependency org.junit:junit-bom to v6
• [CU-86b4umhm1] Update dependency org.owasp:dependency-check-maven to v12
• [CU-86b4umhm1] Update dependency org.springframework.boot:spring-boot-starter-parent to v4
• [CU-86b4umhm1] Update GitHub Artifact Actions (major) (actions/download-artifact, actions/upload-artifact)
• [CU-86b4umhm1] Update springdoc-openapi.version to v3 (major) (org.springdoc:springdoc-openapi-starter-webmvc-api, org.springdoc:springdoc-openapi-starter-webmvc-ui)
• 🔐 Create all rate-limited PRs at once 🔐

Pending Status Checks

The following updates await pending status checks. To force their creation now, click on a checkbox below.

• [CU-86b4umhm1] Update dependency com.google.auth:google-auth-library-bom to v1.47.0
• [CU-86b4umhm1] Update dependency com.google.cloud:google-cloud-resourcemanager to v1.94.0
• [CU-86b4umhm1] Update dependency com.google.cloud:google-cloud-storage-bom to v2.68.0
• [CU-86b4umhm1] Update dependency com.dnastack:spring-boot-audit-event-logger to v4

---

Warning

Renovate failed to look up the following dependencies: Failed to look up github-tags package aquasecurity/setup-trivy.

Files affected: .github/workflows/sca.yml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• [CU-86b4umhm1] Update dependency ch.qos.logback:logback-core to v1.5.25 [SECURITY]
• [CU-86b4umhm1] Update dependency com.fasterxml.jackson.core:jackson-core to v2.18.6 [SECURITY]
• [CU-86b4umhm1] Update dependency org.codehaus.plexus:plexus-utils to v3 [SECURITY]
• [CU-86b4umhm1] Pin dependencies
• [CU-86b4umhm1] Update actions/cache digest to 0057852
• [CU-86b4umhm1] Update amazoncorretto Docker tag
• [CU-86b4umhm1] Update dependency ch.qos.logback:logback-classic to v1.5.32
• [CU-86b4umhm1] Update dependency com.dnastack:dnastack-token-validator to v1.0.19
• [CU-86b4umhm1] Update dependency com.dnastack:logback-extensions to v1.0.1
• [CU-86b4umhm1] Update dependency com.dnastack:spring-boot-audit-event-logger to v1.0.23
• Click on this checkbox to rebase all open PRs at once

Detected Dependencies

dockerfile (2)

ci/e2e-tests/Dockerfile (2)

• amazoncorretto 21-al2023 → [Updates: 21.0.11-al2023, 25.0.3-al2023, 21-al2023]
• amazoncorretto 21-alpine → [Updates: 21.0.11-alpine, 25.0.3-alpine, 21-alpine]

ci/impl/Dockerfile (2)

• amazoncorretto 21-al2023 → [Updates: 21.0.11-al2023, 25.0.3-al2023, 21-al2023]
• amazoncorretto 21-alpine → [Updates: 21.0.11-alpine, 25.0.3-alpine, 21-alpine]

github-actions (4)

.github/workflows/build-test-java-app.yml (2)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• actions/setup-java v5@dded0888837ed1f317902acf8a20df0ad188d165 → [Updates: v5]

.github/workflows/sast.yml (6)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• actions/setup-java v5@dded0888837ed1f317902acf8a20df0ad188d165 → [Updates: v5]
• actions/cache v4@0400d5f644dc74513175e3cd8d07132dd4860809 → [Updates: v5, v4]
• actions/upload-artifact v4@ea165f8d65b6e75b540449e92b4886f43607fa02 → [Updates: v7]
• actions/download-artifact v5@634f93cb2916e3fdff6788551b99b062d0335ce0 → [Updates: v8]
• sonarsource/sonarqube-quality-gate-action v1.2.0@cf038b0e0cdecfa9e56c198bbb7d21d751d62c3b

.github/workflows/sca.yml (3)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• actions/setup-java v5@dded0888837ed1f317902acf8a20df0ad188d165 → [Updates: v5]
• aquasecurity/setup-trivy v0.2.6@3fb12ec12f41e471780db15c232d5dd185dcb514

.github/workflows/secrets-detection.yml (2)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• gitleaks/gitleaks-action v2.3.9@ff98106e4c7b2bc287b24eaf42907196329070c7

maven (2)

e2e-tests/pom.xml (17)

• io.rest-assured:rest-assured-bom 5.4.0 → [Updates: 5.5.7, 6.0.0]
• org.junit:junit-bom 5.10.1 → [Updates: 5.14.4, 6.0.3]
• com.dnastack:actuator-e2e-test 1.0.4 → [Updates: 1.0.5]
• com.google.cloud:google-cloud-resourcemanager 1.93.0 → [Updates: 1.94.0]
• org.projectlombok:lombok 1.18.30 → [Updates: 1.18.46]
• com.fasterxml.jackson.core:jackson-core 2.16.1 → [Updates: 2.18.6]
• com.fasterxml.jackson.core:jackson-databind 2.16.1 → [Updates: 2.21.3]
• com.fasterxml.jackson.core:jackson-annotations 2.16.1 → [Updates: 2.21]
• org.awaitility:awaitility 4.2.0 → [Updates: 4.3.0]
• org.slf4j:slf4j-api 2.0.10 → [Updates: 2.0.17]
• org.slf4j:slf4j-simple 2.0.10 → [Updates: 2.0.17]
• org.slf4j:jcl-over-slf4j 2.0.10 → [Updates: 2.0.17]
• org.apache.maven.plugins:maven-compiler-plugin 3.8.1 → [Updates: 3.15.0]
• org.apache.maven.plugins:maven-surefire-plugin 3.0.0-M7 → [Updates: 3.5.5]
• de.qaware.maven:go-offline-maven-plugin 1.2.8
• org.apache.maven.surefire:surefire-junit-platform 3.0.0-M7 → [Updates: 3.5.5]
• org.codehaus.plexus:plexus-utils 1.1 → [Updates: 3.6.1]

pom.xml (22)

• org.springframework.boot:spring-boot-starter-parent 3.5.14 → [Updates: 4.0.6]
• org.springframework.cloud:spring-cloud-dependencies 2025.0.2 → [Updates: 2025.1.1]
• ch.qos.logback:logback-classic 1.5.18 → [Updates: 1.5.32]
• ch.qos.logback:logback-core 1.5.18 → [Updates: 1.5.25]
• com.azure:azure-sdk-bom 1.2.8 → [Updates: 1.3.6]
• com.google.cloud:google-cloud-storage-bom 2.67.0 → [Updates: 2.68.0]
• com.google.auth:google-auth-library-bom 1.46.0 → [Updates: 1.47.0]
• com.dnastack:dnastack-token-validator 1.0.11 → [Updates: 1.0.19, 2.0.0]
• com.dnastack:logback-extensions 1.0.0 → [Updates: 1.0.1]
• com.dnastack:spring-boot-audit-event-logger 1.0.17 → [Updates: 1.0.23, 4.0.0]
• org.springdoc:springdoc-openapi-starter-webmvc-ui 2.3.0 → [Updates: 2.8.17, 3.0.3]
• org.springdoc:springdoc-openapi-starter-webmvc-api 2.3.0 → [Updates: 2.8.17, 3.0.3]
• com.squareup.okhttp3:okhttp 4.12.0 → [Updates: 5.3.2]
• io.github.openfeign.form:feign-form 3.8.0
• io.jsonwebtoken:jjwt-impl 0.12.3 → [Updates: 0.13.0]
• io.jsonwebtoken:jjwt-jackson 0.12.3 → [Updates: 0.13.0]
• ch.qos.logback.contrib:logback-jackson 0.1.5
• org.owasp:dependency-check-maven 11.1.1 → [Updates: 12.2.2]
• org.apache.maven.plugins:maven-surefire-plugin 3.0.0-M7 → [Updates: 3.5.5]
• de.qaware.maven:go-offline-maven-plugin 1.2.8
• org.apache.maven.surefire:surefire-junit-platform 3.0.0-M7 → [Updates: 3.5.5]
• org.codehaus.plexus:plexus-utils 1.1 → [Updates: 3.6.1]

maven-wrapper (1)

.mvn/wrapper/maven-wrapper.properties (2)

• maven 3.9.9 → [Updates: 3.9.15]
• maven-wrapper 0.5.6 → [Updates: 3.3.4]

---

• Check this box to trigger a request for Renovate to run again on this repository