spoon icon indicating copy to clipboard operation
spoon copied to clipboard
verified publisher icon INRIA

Dependency Dashboard

Open renovate[bot] opened this issue 4 years ago • 13 comments

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Edited/Blocked

The following updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox below.

  • [ ] build(deps): update dependency org.eclipse.jdt:org.eclipse.jdt.core to v3.44.0

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

  • [ ] build(deps): update javafx monorepo to v26-ea+19 (org.openjfx:javafx-fxml, org.openjfx:javafx-controls, org.openjfx:javafx-graphics, org.openjfx:javafx-base)
  • [ ] build(deps): update dependency com.google.guava:guava to v33.5.0-jre
  • [ ] build(deps): update actions/cache action to v5
  • [ ] build(deps): update actions/checkout action to v6
  • [ ] build(deps): update determinatesystems/nix-installer-action action to v21
  • [ ] build(deps): lock file maintenance
  • [ ] Click on this checkbox to rebase all open PRs at once

Detected Dependencies

dockerfile (1)
doc/jenkins/Dockerfile (1)
  • stackbrew/ubuntu 16.04@sha256:cd39646de5628c8188396c506fdc76dd94c7652a82439cc4318cfc05cc93fbb7
github-actions (6)
.github/actions/setup-tests/action.yml (4)
  • DeterminateSystems/nix-installer-action v20@786fff0690178f1234e4e1fe9b536e94f5433196
  • DeterminateSystems/magic-nix-cache-action v13@565684385bcd71bad329742eefe8d12f2e765b39
  • DeterminateSystems/flake-checker-action v12@3164002371bc90729c68af0e24d5aacf20d7c9f6
  • actions/cache v4.3.0@0057852bfaa89a56745cba8c7296529d2fc39830
.github/workflows/jreleaser.yml (3)
  • actions/checkout v5@93cb6efe18208431cddfb8368fd83d5badbf9bfd
  • actions/attest-build-provenance v3.0.0@977bb373ede98d70efdf65b84cb5f73e068dcc2a
  • actions/upload-artifact v5@330a01c490aca151604b8cf639adc76d48f6c5d4
.github/workflows/qodana.yml (9)
  • actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd
  • JetBrains/qodana-action v2025.2.4@99ec27a55aaaf5ba2fd7e5816e66231caed7a72a
  • github/codeql-action v4@cf1bb45a277cb3c205638b2cd5c984db1c46a412
  • actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd
  • JetBrains/qodana-action v2025.2.4@99ec27a55aaaf5ba2fd7e5816e66231caed7a72a
  • github/codeql-action v4@cf1bb45a277cb3c205638b2cd5c984db1c46a412
  • actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd
  • JetBrains/qodana-action v2025.2.4@99ec27a55aaaf5ba2fd7e5816e66231caed7a72a
  • github/codeql-action v4@cf1bb45a277cb3c205638b2cd5c984db1c46a412
.github/workflows/sbom.yml (4)
  • actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd
  • actions/setup-java v5.1.0@f2beeb24e141e01a676f977032f5a29d81c9e27e
  • actions/cache v4.3.0@0057852bfaa89a56745cba8c7296529d2fc39830
  • slsa-framework/github-actions-demo v0.1@9474e92bbf825d5b4b46810fc9367dfc73429a2a
.github/workflows/scorecards.yml (5)
  • step-security/harden-runner v2.14.0@20cf305ff2072d973412fa9b1e3a4f227bda3c76
  • actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd
  • ossf/scorecard-action v2.4.3@4eaacf0543bb3f2c246792bd56e8cdeffafb205a
  • actions/upload-artifact v5.0.0@330a01c490aca151604b8cf639adc76d48f6c5d4
  • github/codeql-action v4.31.7@cf1bb45a277cb3c205638b2cd5c984db1c46a412
.github/workflows/tests.yml (9)
  • actions/checkout v5@93cb6efe18208431cddfb8368fd83d5badbf9bfd
  • actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd
  • actions/setup-java v5@f2beeb24e141e01a676f977032f5a29d81c9e27e
  • actions/checkout v5@93cb6efe18208431cddfb8368fd83d5badbf9bfd
  • actions/checkout v5@93cb6efe18208431cddfb8368fd83d5badbf9bfd
  • actions/checkout v5@93cb6efe18208431cddfb8368fd83d5badbf9bfd
  • actions/checkout v5@93cb6efe18208431cddfb8368fd83d5badbf9bfd
  • actions/checkout v5@93cb6efe18208431cddfb8368fd83d5badbf9bfd
  • actions/checkout v5@93cb6efe18208431cddfb8368fd83d5badbf9bfd
gradle (2)
spoon-dataflow/build.gradle (6)
  • se.patrikerdes.use-latest-versions 0.2.19
  • com.github.ben-manes.versions 0.53.0
  • com.github.johnrengelman.shadow 8.1.1
  • commons-cli:commons-cli 1.11.0
  • tools.aqua:z3-turnkey 4.14.1
  • org.junit.jupiter:junit-jupiter 6.0.1
spoon-dataflow/settings.gradle (0)
gradle-wrapper (1)
spoon-dataflow/gradle/wrapper/gradle-wrapper.properties (1)
  • gradle 9.2.1
html (1)
doc/_includes/head.html (2)
  • jquery 3.7.1
  • jquery-cookie 1.4.1
maven (7)
pom.xml (20)
  • org.eclipse.jdt:org.eclipse.jdt.core 3.41.0
  • com.martiansoftware:jsap 2.1
  • org.slf4j:slf4j-api 2.0.17
  • commons-io:commons-io 2.21.0
  • org.apache.commons:commons-lang3 3.20.0
  • org.tukaani:xz 1.11
  • com.fasterxml.jackson.core:jackson-databind 2.20.1
  • org.apache.commons:commons-compress 1.28.0
  • org.jspecify:jspecify 1.0.0
  • org.assertj:assertj-core 3.27.6
  • com.google.guava:guava 33.4.0-jre
  • ch.qos.logback:logback-classic 1.5.22
  • com.mysema.querydsl:querydsl-core 3.7.4
  • org.apache.maven.shared:maven-invoker 3.3.0
  • javax.validation:validation-api 2.0.1.Final
  • org.kohsuke.metainf-services:metainf-services 1.11
  • javax.xml.bind:jaxb-api 2.3.1
  • org.apache.maven.plugins:maven-enforcer-plugin 3.6.2
  • org.apache.maven.plugins:maven-checkstyle-plugin 3.6.0
  • com.diffplug.spotless:spotless-maven-plugin 3.1.0
spoon-control-flow/pom.xml (3)
  • org.apache.maven.plugins:maven-checkstyle-plugin 3.6.0
  • fr.inria.gforge.spoon:spoon-core 11.2.1
  • org.jgrapht:jgrapht-core 1.5.2
spoon-decompiler/pom.xml (5)
  • fr.inria.gforge.spoon:spoon-core 11.2.1
  • org.jboss.windup.decompiler.fernflower:fernflower 2.5.0.Final
  • org.bitbucket.mstrobel:procyon-compilertools 0.6.0
  • org.benf:cfr 0.152
  • org.apache.maven.plugins:maven-checkstyle-plugin 3.6.0
spoon-javadoc/pom.xml (1)
  • org.assertj:assertj-core 3.27.6
spoon-pom/pom.xml (35)
  • org.mockito:mockito-core 5.21.0
  • org.junit.jupiter:junit-jupiter-engine 6.0.1
  • org.junit.jupiter:junit-jupiter-params 6.0.1
  • org.junit.platform:junit-platform-launcher 6.0.1
  • org.mockito:mockito-junit-jupiter 5.21.0
  • org.hamcrest:hamcrest 3.0
  • org.assertj:assertj-core 3.27.6
  • org.apache.maven.plugins:maven-jar-plugin 3.5.0
  • org.kohsuke.metainf-services:metainf-services 1.11
  • org.cyclonedx:cyclonedx-maven-plugin 2.9.1
  • org.apache.maven.plugins:maven-antrun-plugin 3.2.0
  • org.apache.maven.plugins:maven-assembly-plugin 3.8.0
  • org.apache.maven.plugins:maven-clean-plugin 3.5.0
  • org.apache.maven.plugins:maven-compiler-plugin 3.14.1
  • org.apache.maven.plugins:maven-dependency-plugin 3.9.0
  • org.apache.maven.plugins:maven-deploy-plugin 3.1.4
  • org.apache.maven.plugins:maven-install-plugin 3.1.4
  • org.apache.maven.plugins:maven-javadoc-plugin 3.12.0
  • org.apache.maven.plugins:maven-project-info-reports-plugin 3.9.0
  • org.apache.maven.plugins:maven-release-plugin 3.3.0
  • org.apache.maven.plugins:maven-resources-plugin 3.4.0
  • org.apache.maven.plugins:maven-site-plugin 3.21.0
  • org.apache.maven.plugins:maven-surefire-plugin 3.5.4
  • com.mycila:license-maven-plugin 5.0.0
  • org.jacoco:jacoco-maven-plugin 0.8.14
  • org.eluder.coveralls:coveralls-maven-plugin 4.3.0
  • javax.xml.bind:jaxb-api 2.3.1
  • org.sonatype.plugins:nexus-staging-maven-plugin 1.7.0
  • org.apache.maven.wagon:wagon-ssh 3.5.3
  • org.apache.maven.plugins:maven-source-plugin 3.4.0
  • org.apache.maven.plugins:maven-gpg-plugin 3.2.8
  • org.apache.maven.plugins:maven-deploy-plugin 3.1.4
  • org.apache.maven.plugins:maven-source-plugin 3.4.0
  • org.apache.maven.plugins:maven-deploy-plugin 3.1.4
  • org.jacoco:jacoco-maven-plugin 0.8.14
spoon-smpl/pom.xml (3)
  • org.apache.maven.plugins:maven-checkstyle-plugin 3.6.0
  • fr.inria.gforge.spoon:spoon-core 11.2.1
  • fr.inria.gforge.spoon:spoon-control-flow 0.0.2-SNAPSHOT
spoon-visualisation/pom.xml (12)
  • org.apache.maven.plugins:maven-shade-plugin 3.6.1
  • org.openjfx:javafx-maven-plugin 0.0.8
  • io.github.interacto:interacto-javafx 4.3.1
  • fr.inria.gforge.spoon:spoon-core 11.2.1
  • org.openjfx:javafx-base 26-ea+6
  • org.openjfx:javafx-graphics 26-ea+6
  • org.openjfx:javafx-controls 26-ea+6
  • org.openjfx:javafx-fxml 26-ea+6
  • org.jetbrains:annotations 26.0.2-1
  • org.junit.jupiter:junit-jupiter-engine 6.0.1
  • org.testfx:testfx-junit5 4.0.18
  • org.testfx:openjfx-monocle 21.0.2
nix (1)
flake.nix (1)
  • nixpkgs nixos-unstable
npm (1)
doc/_release/changelog_generator/package.json (2)
  • git-log-parser ^1.2.0
  • through2 ^4.0.0
  • [ ] Check this box to trigger a request for Renovate to run again on this repository

renovate[bot] avatar Aug 30 '21 09:08 renovate[bot]

@cesarsotovalero this PR shows a new cool feature of @renovate-bot

monperrus avatar Aug 30 '21 12:08 monperrus

We may use this issue for discussion about blocked dependency updates. @I-Al-Istannen had a fun debugging session for this problem(https://github.com/INRIA/spoon/pull/4699#issuecomment-1152383529) and it seems like we need a newer version of maven-project-info plugin. The update was closed unmerged a while ago. Was there any concern with the new version, or can we update it?

MartinWitt avatar Jun 15 '22 07:06 MartinWitt

The update was closed unmerged a while ago.

Which update? Linkety link?

slarse avatar Jun 16 '22 16:06 slarse

I assume https://github.com/INRIA/spoon/pull/4456. I think we should explicitly list the default plugins (like maven-site-plugin) we rely on, so renovate can update them too. It seems to have missed the site plugin update, as it is not declared anywhere? Once we update the site plugin, we can update the javadoc plugin and probably also the report plugin without further breakage.

I-Al-Istannen avatar Jun 16 '22 19:06 I-Al-Istannen

I think we should explicitly list the default plugins (like maven-site-plugin)

Agreed. This is best practice AFAIK.

slarse avatar Jun 16 '22 19:06 slarse

@MartinWitt There are some dependency lookup errors. Maybe that's causing trouble? I also don't see why it would and there's nothing I can find in the docs about it, but eh, it's something.

slarse avatar Apr 26 '23 18:04 slarse

Okay, I believe the branch protection was the problem. I will investigate this further and try to enable it. The UI is a bit confusing because we somehow have 2 ways now to do the same. GitHub rules and branch protection.

Currently, the master is not protected, so please don't test the branch protection and try to push to master.

MartinWitt avatar Apr 27 '23 10:04 MartinWitt

To keep the conversation about dependencies and renovate focused, let's use this issue for this topic. As the configuration is new for us, there will still be some changes needed.

https://github.com/INRIA/spoon/pull/5180 we currently don't automerge pinning of hashes. Anyone against enabling it?

MartinWitt avatar Apr 27 '23 10:04 MartinWitt

Dependency pinning is good, I vote for automerge.

slarse avatar Apr 27 '23 18:04 slarse

me too.

monperrus avatar May 01 '23 09:05 monperrus

Current unmerged dependency updates

Looks, we finally have the dependencies back in our control.

MartinWitt avatar May 03 '23 12:05 MartinWitt

About the last lookup problem, I've asked at https://github.com/renovatebot/renovate/issues/6894#issuecomment-1537044261

monperrus avatar May 06 '23 04:05 monperrus

no more dependency lookup problem thanks to https://github.com/SpoonLabs/spoon-dependencies/commit/4b8a7afad36643502aa2fd1f02111c2cda760aed

monperrus avatar May 06 '23 20:05 monperrus